CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-11018 – Out of bound read in cliprdr_server_receive_capabilities in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11018
In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. En FreeRDP versiones anteriores o iguales a 2.0.0, una posible vulnerabilidad de agotamiento de recursos puede ser realizada . Los clientes maliciosos podrían desencadenar lecturas fuera de límite causando una asignación de memoria con tamaño aleatorio. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11018 https://bugzilla.redhat.com/show_bug.cgi?id=1848008 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-11019 – Out of bound read in update_recv in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11019
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. En FreeRDP versiones anteriores o iguales a 2.0.0, cuando se ejecuta con el registrador establecido en "WLOG_TRACE", podría producirse un posible bloqueo de aplicación debido a una lectura de un índice de matriz no válido. Los datos podrían ser impresos como una cadena en una terminal local. • https://github.com/Lixterclarixe/CVE-2020-11019 http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://access.redhat.com/security/cve/CVE-2020-11019 https://bugzilla.redhat.com/show_bug.cgi?id=1848012 • CWE-125: Out-of-bounds Read •
CVSS: 6.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13397 – freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c
https://notcve.org/view.php?id=CVE-2020-13397
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. Se detectó un problema en FreeRDP versiones anteriores a 2.1.1. Ha sido detectada una vulnerabilidad de lectura fuera de límites (OOB) en la función security_fips_decrypt en el archivo libfreerdp/core/security.c debido a un valor no inicializado. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69 https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8 https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https:& • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13396 – freerdp: Out-of-bounds read in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
https://notcve.org/view.php?id=CVE-2020-13396
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. Se detectó un problema en FreeRDP versiones anteriores a 2.1.1. Se detectó una vulnerabilidad de lectura fuera de límites (OOB) en la función ntlm_read_ChallengeMessage en el archivo winpr/libwinpr/sspi/NTLM/ ntlm_message.c. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69 https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https:& • CWE-125: Out-of-bounds Read •
CVSS: 8.3EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13398 – freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c
https://notcve.org/view.php?id=CVE-2020-13398
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. Se detectó un problema en FreeRDP versiones anteriores a 2.1.1. Ha sido detectada una vulnerabilidad de escritura fuera de límites (OOB) en la función crypto_rsa_common en el archivo libfreerdp/crypto/crypto.c. An issue was found in freerdp's libfreerdp/crypto/crypto.c, in versions before 2.1.1, where buffer access with an incorrect length value, leads to an out-of-bounds write. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69 https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1 https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https:& • CWE-787: Out-of-bounds Write •