CVE-2020-11049
2.2 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
4.9 Medium
AI Score
Confidence
Low
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
73.8%
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.
References
github.com/FreeRDP/FreeRDP/commit/c367f65d42e0d2e1ca248998175180aa9c2eacd0
github.com/FreeRDP/FreeRDP/issues/6008
github.com/FreeRDP/FreeRDP/pull/6019
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr
lists.debian.org/debian-lts-announce/2023/10/msg00008.html
usn.ubuntu.com/4379-1/
usn.ubuntu.com/4382-1/
Social References
More
Related
2.2 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
4.9 Medium
AI Score
Confidence
Low
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:N/A:P
0.004 Low
EPSS
Percentile
73.8%