
CVSS: 6.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

In FreeRDP 2.0.0 and earlier, a malicious client can provide manipulated input to create a double free condition and crash the server. This is fixed in version 2.1.0.

• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
• https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
• https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html

CWE-415: Double Free

CVSS: 6.5 • EPSS: 0% • CPEs: 3 • EXPL: 1

In FreeRDP 2.0.0 and earlier, when running with the logger set to "WLOG_TRACE", the application could crash due to a read of an invalid array index. Data could be printed as a string to the local terminal. This has been fixed in 2.1.0.

• https://github.com/Lixterclarixe/CVE-2020-11019
• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
• https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
• https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
• https://access.redhat.com/security/cve/CVE-2020-11019
• https://bugzilla.redhat.com/show_bug.cgi?id=1848012

CWE-125: Out-of-bounds Read

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

In FreeRDP 2.0.0 and earlier, there is an out-of-bounds read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out of bounds to an internal structure. This has been fixed in 2.1.0.

• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
• https://github.com/FreeRDP/FreeRDP/commit/c098f21fdaadca57ff649eee1674f6cc321a2ec4
• https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
• https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
• https://access.redhat.com/security/cve/CVE-2020-11086
• https://bugzilla.redhat.com/show_bug.cgi?id=1844166

CWE-125: Out-of-bounds Read

CVSS: 5.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

In FreeRDP 2.0.0 and earlier, there is an out-of-bounds read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0.

• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
• https://github.com/FreeRDP/FreeRDP/commit/8fa38359634a9910b91719818ab02f23c320dbae
• https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
• https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
• https://access.redhat.com/security/cve/CVE-2020-11088
• https://bugzilla.redhat.com/show_bug.cgi?id=1844177

CWE-125: Out-of-bounds Read

CVSS: 6.9 • EPSS: 0% • CPEs: 3 • EXPL: 0

In FreeRDP 2.0.0 and earlier, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in the size calculation. With later messages, the server can manipulate the client to write data out of bounds of the previously allocated buffer. This has been patched in 2.1.0.

• http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
• https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
• https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
• https://access.redhat.com/security/cve/CVE-2020-11038
• https://bugzilla.redhat.com/show_bug.cgi?id=1848018

CWE-190: Integer Overflow or Wraparound
CWE-680: Integer Overflow to Buffer Overflow
CWE-787: Out-of-bounds Write