CVE-2020-4030

2020-06-2200:00:00

ubuntu.com

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.003 Low

EPSS

Percentile

69.3%

JSON

In FreeRDP before version 2.1.2, there is an out of bounds read in
TrioParse. Logging might bypass string length checks due to an integer
overflow. This is fixed in version 2.1.2.

Notes

Author	Note
mdeslaur	The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS does not build a server library. This is simply a client denial of service that has a negligible security impact.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchfreerdp< anyUNKNOWN
ubuntu16.04noarchfreerdp< anyUNKNOWN
ubuntu18.04noarchfreerdp2< 2.2.0+dfsg1-0ubuntu0.18.04.1UNKNOWN
ubuntu20.04noarchfreerdp2< 2.2.0+dfsg1-0ubuntu0.20.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	freerdp	< any	UNKNOWN
ubuntu	16.04	noarch	freerdp	< any	UNKNOWN
ubuntu	18.04	noarch	freerdp2	< 2.2.0+dfsg1-0ubuntu0.18.04.1	UNKNOWN
ubuntu	20.04	noarch	freerdp2	< 2.2.0+dfsg1-0ubuntu0.20.04.1	UNKNOWN