CVSS: 6.9EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11038 – Integer Overflow to Buffer Overflow in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11038
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0. En FreeRDP versiones anteriores o iguales a 2.0.0, se presenta un Desbordamiento de Enteros en un Desbordamiento de Búfer. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11038 https://bugzilla.redhat.com/show_bug.cgi?id=1848018 • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 8.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11039 – Integer Overflow in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11039
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0. En FreeRDP versiones anteriores o iguales a 2.0.0, cuando se usa un servidor manipulado con redirección del USB permitió que (por poco) una memoria arbitraria pueda ser leída y escrita debido a unos desbordamientos de enteros en las comprobaciones de longitud. Esto ha sido parcheado en la versión 2.1.0. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11039 https://bugzilla.redhat.com/show_bug.cgi?id=1848022 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11040 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11040
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. En FreeRDP versiones anteriores o iguales a 2.0.0, se presenta una lectura de datos fuera de límites desde la memoria en la función clear_decompress_subcode_rlex, visualizada en pantalla como color. Esto ha sido parcheado en la versión 2.1.0. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11040 https://bugzilla.redhat.com/show_bug.cgi?id=1848029 • CWE-125: Out-of-bounds Read •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11041 – Improper Validation of Array Index in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11041
In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0. En FreeRDP versiones anteriores o iguales a 2.0.0, un índice de matriz controlado del exterior es usado sin comprobar los datos usados como configuración para el backend de sonido (alsa, oss, pulse, ...). • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11041 https://bugzilla.redhat.com/show_bug.cgi?id=1848034 • CWE-125: Out-of-bounds Read CWE-129: Improper Validation of Array Index •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11043 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11043
In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0. En FreeRDP versiones anteriores o iguales a 2.0.0, se presenta una lectura fuera de límites en la función rfx_process_message_tileset. Los datos no válidos introducidos al decodificador de RFX resulta en una basura en pantalla (como colores). • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84 https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11043 https://bugzilla.redhat.com/show_bug.cgi?id=1848038 • CWE-125: Out-of-bounds Read •