CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2020-11046 – Improper Restriction of Operations within the Bounds of a Memory Buffer in FreeRDP
https://notcve.org/view.php?id=CVE-2020-11046
In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. En FreeRDP versiones posteriores a 1.0 y versiones anteriores a 2.0.0, se presenta una búsqueda fuera de límites de flujo de datos en update_read_synchronize que podría conllevar a una lectura posterior fuera de límites. • https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37 https://github.com/FreeRDP/FreeRDP/issues/6006 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11046 https://bugzilla.redhat.com/show_bug&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 3.5EPSS: 0%CPEs: 7EXPL: 1CVE-2020-11048 – Out-of-bounds Read in FreeRDPrdp_read_flow_control_pdu
https://notcve.org/view.php?id=CVE-2020-11048
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0. En FreeRDP versiones posteriores a 1.0 y versiones anteriores a 2.0.0, se presenta una lectura fuera de límite. • https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b https://github.com/FreeRDP/FreeRDP/issues/6007 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html https://usn.ubuntu.com/4379-1 https://usn.ubuntu.com/4382-1 https://access.redhat.com/security/cve/CVE-2020-11048 https://bugzilla.redhat.com/show_bug&# • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2019-17177
https://notcve.org/view.php?id=CVE-2019-17177
libfreerdp/codec/region.c in FreeRDP through 1.1.x and 2.x through 2.0.0-rc4 has memory leaks because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. El archivo libfreerdp/codec/region.c en FreeRDP versiones hasta 1.1.x y versiones 2.x hasta 2.0.0-rc4, presenta pérdidas de memoria porque un puntero realloc suministrado (es decir, el primer argumento para realloc) también es usado para un valor de retorno realloc. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a https://github.com/FreeRDP/FreeRDP/issues/5645 https://security.gentoo.org/glsa/202005-07 https://usn.ubuntu.com/4379-1 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-17178
https://notcve.org/view.php?id=CVE-2019-17178
HuffmanTree_makeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer (i.e., the first argument to realloc) is also used for a realloc return value. La función HuffmanTree_makeFromFrequencies en el archivo lodepng.c en LodePNG hasta el 28-09-2019, como es usado en WinPR en FreeRDP y otros productos, presenta una pérdida de memoria porque un puntero realloc suministrado (es decir, el primer argumento para realloc) también es usado para un valor de retorno de realloc . • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00005.html https://github.com/FreeRDP/FreeRDP/commit/9fee4ae076b1ec97b97efb79ece08d1dab4df29a https://github.com/FreeRDP/FreeRDP/issues/5645 • CWE-252: Unchecked Return Value CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.5EPSS: 0%CPEs: 9EXPL: 1CVE-2018-1000852 – freerdp: out of bounds read in drdynvc_process_capability_request
https://notcve.org/view.php?id=CVE-2018-1000852
FreeRDP FreeRDP 2.0.0-rc3 released version before commit 205c612820dac644d665b5bb1cdf437dc5ca01e3 contains a Other/Unknown vulnerability in channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request that can result in The RDP server can read the client's memory.. This attack appear to be exploitable via RDPClient must connect the rdp server with echo option. This vulnerability appears to have been fixed in after commit 205c612820dac644d665b5bb1cdf437dc5ca01e3. FreeRDP 2.0.0-rc3, en versiones anteriores al commit con ID 205c612820dac644d665b5bb1cdf437dc5ca01e3, contiene una vulnerabilidad desconocida en channels/drdynvc/client/drdynvc_main.c, drdynvc_process_capability_request que puede resultar en que el servidor RDP sea capaz de leer la memoria del cliente. El cliente debe conectarse al servidor RDP con la opción "echo". • https://access.redhat.com/errata/RHSA-2019:2157 https://github.com/FreeRDP/FreeRDP/issues/4866 https://github.com/FreeRDP/FreeRDP/pull/4871 https://github.com/FreeRDP/FreeRDP/pull/4871/commits/baee520e3dd9be6511c45a14c5f5e77784de1471 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YVJKO2DR5EY4C4QZOP7SNNBEW2JW6FHX https://usn.ubuntu.com/4379-1 https://access.redhat.com/security/cve/CVE-2018-1000852 https://bugzilla.redhat.com/show_bug.cgi?id=1661640 • CWE-125: Out-of-bounds Read •