CVE-2020-11038
Integer Overflow to Buffer Overflow in FreeRDP
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.
En FreeRDP versiones anteriores o iguales a 2.0.0, se presenta un Desbordamiento de Enteros en un Desbordamiento de Búfer. Cuando se usa una redirección de /video, un servidor manipulado puede instruir al cliente para que asigne un búfer con un tamaño menor que el solicitado debido a un desbordamiento de enteros en el cálculo del tamaño. Con mensajes posteriores, el servidor puede manipular al cliente para que escriba datos fuera del límite en el buffer previamente asignado. Esto ha sido parcheado en la versión 2.1.0.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-30 CVE Reserved
- 2020-05-29 CVE Published
- 2023-10-25 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-190: Integer Overflow or Wraparound
- CWE-680: Integer Overflow to Buffer Overflow
- CWE-787: Out-of-bounds Write
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html | 2023-10-24 | |
| https://access.redhat.com/security/cve/CVE-2020-11038 | 2020-11-04 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1848018 | 2020-11-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freerdp Search vendor "Freerdp" | Freerdp Search vendor "Freerdp" for product "Freerdp" | < 2.1.0 Search vendor "Freerdp" for product "Freerdp" and version " < 2.1.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||