Lucene search

K

GitHub_MCVELIST:CVE-2020-11048

HistoryMay 07, 2020 - 12:00 a.m.

CVE-2020-11048 Out-of-bounds Read in FreeRDPrdp_read_flow_control_pdu

2020-05-0700:00:00

CWE-125

GitHub_M

www.cve.org

1

2.2 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

5.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.1%

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.

CNA Affected

[
  {
    "vendor": "FreeRDP",
    "product": "FreeRDP",
    "versions": [
      {
        "version": "> 1.0, < 2.0.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b

github.com/FreeRDP/FreeRDP/issues/6007

github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv

lists.debian.org/debian-lts-announce/2020/08/msg00054.html

lists.debian.org/debian-lts-announce/2023/10/msg00008.html

usn.ubuntu.com/4379-1/

usn.ubuntu.com/4382-1/

2.2 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

5.5 Medium

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.1%

Related for CVELIST:CVE-2020-11048

redhatcve1 veracode1 cve1 prion1 ubuntucve2 osv6 debiancve1 nvd1 openvas7 nessus19 ubuntu3 debian2 oraclelinux2 centos1 almalinux1 rocky1 amazon1 redhat2 mageia1