Lucene search

K
cveGitHub_MCVE-2020-11097
HistoryJun 22, 2020 - 10:15 p.m.

CVE-2020-11097

2020-06-2222:15:12
CWE-125
GitHub_M
web.nvd.nist.gov
175
cve
2020
11097
freerdp
out of bounds read
memory access
security vulnerability
nvd

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

AI Score

6

Confidence

High

EPSS

0.001

Percentile

51.2%

In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.

Affected configurations

Nvd
Vulners
Node
freerdpfreerdpRange<2.1.2
Node
fedoraprojectfedoraMatch31
OR
fedoraprojectfedoraMatch32
Node
opensuseleapMatch15.1
Node
canonicalubuntu_linuxMatch18.04esm
OR
canonicalubuntu_linuxMatch20.04lts
Node
debiandebian_linuxMatch10.0
VendorProductVersionCPE
freerdpfreerdp*cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "FreeRDP",
    "product": "FreeRDP",
    "versions": [
      {
        "version": "< 2.1.2",
        "status": "affected"
      }
    ]
  }
]

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:N/A:P

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L

AI Score

6

Confidence

High

EPSS

0.001

Percentile

51.2%