Lucene search

K
cveGitHub_MCVE-2020-4030
HistoryJun 22, 2020 - 10:15 p.m.

CVE-2020-4030

2020-06-2222:15:13
CWE-190
CWE-125
GitHub_M
web.nvd.nist.gov
172
cve-2020-4030
freerdp
trioparse
integer overflow
security vulnerability
nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

AI Score

6.6

Confidence

High

EPSS

0.003

Percentile

68.9%

In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.

Affected configurations

Nvd
Vulners
Node
freerdpfreerdpRange<2.1.2
Node
fedoraprojectfedoraMatch31
OR
fedoraprojectfedoraMatch32
Node
opensuseleapMatch15.1
Node
canonicalubuntu_linuxMatch18.04esm
OR
canonicalubuntu_linuxMatch20.04lts
Node
debiandebian_linuxMatch10.0
VendorProductVersionCPE
freerdpfreerdp*cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
fedoraprojectfedora31cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
canonicalubuntu_linux20.04cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "FreeRDP",
    "product": "FreeRDP",
    "versions": [
      {
        "version": "< 2.1.2",
        "status": "affected"
      }
    ]
  }
]

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

AI Score

6.6

Confidence

High

EPSS

0.003

Percentile

68.9%