CVE-2020-11045
Out-of-bounds Read in FreeRDP
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour.
En FreeRDP versiones posteriores a 1.0 y versiones anteriores a 2.0.0, se presenta una lectura fuera de límite en update_read_bitmap_data que permite que la memoria del cliente sea leída en un búfer imagen. El resultado se muestra en la pantalla como colour.
FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. The vinagre packages provide the Vinagre remote desktop viewer for the GNOME desktop. Issues addressed include double free, integer overflow, and out of bounds read vulnerabilities.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-03-30 CVE Reserved
- 2020-05-07 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6 | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/FreeRDP/FreeRDP/issues/6005 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637 | 2023-10-24 |
| URL | Date | SRC |
|---|---|---|
| https://usn.ubuntu.com/4379-1 | 2023-10-24 | |
| https://usn.ubuntu.com/4382-1 | 2023-10-24 | |
| https://access.redhat.com/security/cve/CVE-2020-11045 | 2020-11-04 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1835399 | 2020-11-04 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freerdp Search vendor "Freerdp" | Freerdp Search vendor "Freerdp" for product "Freerdp" | >= 1.1.0 < 2.0.0 Search vendor "Freerdp" for product "Freerdp" and version " >= 1.1.0 < 2.0.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
| ||||||