CVSS: 3.5EPSS: 0%CPEs: 13EXPL: 1CVE-2020-11526 – freerdp: Stream pointer out of bounds in update_recv_secondary_order could lead out of bounds read later
https://notcve.org/view.php?id=CVE-2020-11526
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. El archivo libfreerdp/core/update.c en FreeRDP versiones posteriores a 1.1 hasta 2.0.0-rc4, presenta una Lectura Fuera de límites. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html https://github.com/FreeRDP/FreeRDP/commits/master https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9 https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://pub.freerdp.com/cve/CVE-2020-11526/pocAnalysis_4.pdf https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11526 https://bugzilla.redhat.com/show_bu • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11058 – Improper Restriction of Operations within the Bounds of a Memory Buffer in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11058
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0. En FreeRDP versiones posteriores a 1.1 y anteriores a 2.0.0, una búsqueda fuera de límites de flujo de datos en rdp_read_font_capability_set podría conllevar a una posterior lectura fuera de límites. Como resultado, un cliente o servidor manipulado podría forzar una desconexión debido a una lectura de datos no válida. • https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf https://github.com/FreeRDP/FreeRDP/issues/6011 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11058 https://bugzilla.redhat.com/show_bug&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 5.9EPSS: 1%CPEs: 7EXPL: 1CVE-2020-11042 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11042
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0. En FreeRDP versiones superiores a 1.2 y versiones anteriores a 2.0.0, se presenta una lectura fuera de límites en update_read_icon_info. • https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f https://github.com/FreeRDP/FreeRDP/issues/6010 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11042 https://bugzilla.redhat.com/show_bug&# • CWE-125: Out-of-bounds Read •
CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 1CVE-2020-11044 – Double Free in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11044
In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0. En FreeRDP versiones superiores a 1.2 y versiones anteriores a 2.0.0, una doble liberación en update_read_cache_bitmap_v3_order bloquea la aplicación del cliente si los datos corruptos son analizados desde un servidor manipulado. Esto ha sido parcheado en la versión 2.0.0. • https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8 https://github.com/FreeRDP/FreeRDP/issues/6013 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://access.redhat.com/security/cve/CVE-2020-11044 https://bugzilla.redhat.com/show_bug.cgi?id=1835391 • CWE-415: Double Free CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 4.9EPSS: 0%CPEs: 7EXPL: 1CVE-2020-11045 – Out-of-bounds Read in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11045
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour. En FreeRDP versiones posteriores a 1.0 y versiones anteriores a 2.0.0, se presenta una lectura fuera de límite en update_read_bitmap_data que permite que la memoria del cliente sea leída en un búfer imagen. El resultado se muestra en la pantalla como colour. • https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637 https://github.com/FreeRDP/FreeRDP/issues/6005 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6 https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11045 https://bugzilla.redhat.com/show_bug&# • CWE-125: Out-of-bounds Read •