CVE-2020-11041 – Improper Validation of Array Index in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11041
In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0. En FreeRDP versiones anteriores o iguales a 2.0.0, un índice de matriz controlado del exterior es usado sin comprobar los datos usados como configuración para el backend de sonido (alsa, oss, pulse, ...). • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11041 https://bugzilla.redhat.com/show_bug.cgi?id=1848034 • CWE-125: Out-of-bounds Read CWE-129: Improper Validation of Array Index •
CVE-2020-11040 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11040
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. En FreeRDP versiones anteriores o iguales a 2.0.0, se presenta una lectura de datos fuera de límites desde la memoria en la función clear_decompress_subcode_rlex, visualizada en pantalla como color. Esto ha sido parcheado en la versión 2.1.0. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11040 https://bugzilla.redhat.com/show_bug.cgi?id=1848029 • CWE-125: Out-of-bounds Read •
CVE-2020-11017 – Double free in cliprdr_server_receive_capabilities in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11017
In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0. En FreeRDP versiones anteriores o iguales a 2.0.0, al proporcionar una entrada manipulada un cliente malicioso puede crear una condición de doble liberación y bloquear el servidor. Esto está corregido en la versión 2.1.0. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html • CWE-415: Double Free •
CVE-2020-11019 – Out of bound read in update_recv in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11019
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. En FreeRDP versiones anteriores o iguales a 2.0.0, cuando se ejecuta con el registrador establecido en "WLOG_TRACE", podría producirse un posible bloqueo de aplicación debido a una lectura de un índice de matriz no válido. Los datos podrían ser impresos como una cadena en una terminal local. • https://github.com/Lixterclarixe/CVE-2020-11019 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11019 https://bugzilla.redhat.com/show_bug.cgi?id=1848012 • CWE-125: Out-of-bounds Read •
CVE-2020-11086 – Out-of-bounds Read in FreeRDP `ntlm_read_ntlm_v2_response`
https://notcve.org/view.php?id=CVE-2020-11086
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0. En FreeRDP versiones anteriores o iguales a 2.0.0, se presenta una lectura fuera de límites en la función ntlm_read_ntlm_v2_client_challenge que lee hasta 28 bytes fuera del límite en una estructura interna. Esto ha sido corregido en la versión 2.1.0. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commit/c098f21fdaadca57ff649eee1674f6cc321a2ec4 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974 https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11086 https://bugzilla.redhat.com/show_bug.cgi?id=1844166 • CWE-125: Out-of-bounds Read •