Vulnerability-Lookup

CVE-2020-11042 (GCVE-0-2020-11042)

Vulnerability from cvelistv5 – Published: 2020-05-07 00:00 – Updated: 2024-08-04 11:21

Title

Out-of-bounds Read in FreeRDP

Summary

In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.

Severity ?

5.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

CWE

CWE-125 - Out-of-bounds Read

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	FreeRDP	FreeRDP	Affected: > 1.1, < 2.0.0

FKIE_CVE-2020-11042

Vulnerability from fkie_nvd - Published: 2020-05-07 19:15 - Updated: 2024-11-21 04:56

Severity ?

5.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/FreeRDP/FreeRDP/issues/6010	Exploit, Third Party Advisory
security-advisories@github.com	https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q	Third Party Advisory
security-advisories@github.com	https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html	Third Party Advisory
security-advisories@github.com	https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html	Mailing List
security-advisories@github.com	https://usn.ubuntu.com/4379-1/	Third Party Advisory
security-advisories@github.com	https://usn.ubuntu.com/4382-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FreeRDP/FreeRDP/issues/6010	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4379-1/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://usn.ubuntu.com/4382-1/	Third Party Advisory

Impacted products

Vendor	Product	Version
freerdp	freerdp	*
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
canonical	ubuntu_linux	20.04

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F953BF38-4A6C-41EE-B646-37702989F524",
              "versionEndExcluding": "2.0.0",
              "versionStartExcluding": "1.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -\u003e 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0."
    },
    {
      "lang": "es",
      "value": "En FreeRDP versiones superiores a 1.2 y versiones anteriores a 2.0.0, se presenta una lectura fuera de l\u00edmites en update_read_icon_info. Permite leer una cantidad de memoria del cliente definida por el atacante (32 bits sin signo -) 4 GB) en un b\u00fafer intermedio. Esto puede ser usado para bloquear el cliente o almacenar informaci\u00f3n para su posterior recuperaci\u00f3n. Esto ha sido parcheado en la versi\u00f3n 2.0.0."
    }
  ],
  "id": "CVE-2020-11042",
  "lastModified": "2024-11-21T04:56:39.863",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 3.7,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-07T19:15:11.673",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreeRDP/FreeRDP/issues/6010"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4379-1/"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4382-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreeRDP/FreeRDP/issues/6010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4379-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4382-1/"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2020-11042

Vulnerability from osv_almalinux

Published

2020-11-03 12:23

Modified

2021-11-12 10:20

Summary

Moderate: freerdp and vinagre security, bug fix, and enhancement update

Details

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

The vinagre packages provide the Vinagre remote desktop viewer for the GNOME desktop.

The following packages have been upgraded to a later upstream version: freerdp (2.1.1). (BZ#1834287)

Security Fix(es):

freerdp: Out of bound read in cliprdr_server_receive_capabilities (CVE-2020-11018)
freerdp: Out of bound read/write in usb redirection channel (CVE-2020-11039)
freerdp: out-of-bounds read in update_read_icon_info function (CVE-2020-11042)
freerdp: out-of-bounds read in autodetect_recv_bandwidth_measure_results function (CVE-2020-11047)
freerdp: Out-of-bounds read in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. (CVE-2020-13396)
freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c (CVE-2020-13397)
freerdp: Out of bound read in update_recv could result in a crash (CVE-2020-11019)
freerdp: Integer overflow in VIDEO channel (CVE-2020-11038)
freerdp: Out of bound access in clear_decompress_subcode_rlex (CVE-2020-11040)
freerdp: Unchecked read of array offset in rdpsnd_recv_wave2_pdu (CVE-2020-11041)
freerdp: out of bound read in rfx_process_message_tileset (CVE-2020-11043)
freerdp: double free in update_read_cache_bitmap_v3_order function (CVE-2020-11044)
freerdp: out of bounds read in update_read_bitmap_data function (CVE-2020-11045)
freerdp: out of bounds seek in update_read_synchronize function could lead out of bounds read (CVE-2020-11046)
freerdp: out-of-bounds read could result in aborting the session (CVE-2020-11048)
freerdp: out-of-bound read of client memory that is then passed on to the protocol parser (CVE-2020-11049)
freerdp: stream out-of-bounds seek in rdp_read_font_capability_set could lead to out-of-bounds read (CVE-2020-11058)
freerdp: out-of-bounds read in cliprdr_read_format_list function (CVE-2020-11085)
freerdp: out-of-bounds read in ntlm_read_ntlm_v2_client_challenge function (CVE-2020-11086)
freerdp: out-of-bounds read in ntlm_read_AuthenticateMessage (CVE-2020-11087)
freerdp: out-of-bounds read in ntlm_read_NegotiateMessage (CVE-2020-11088)
freerdp: out-of-bounds read in irp functions (CVE-2020-11089)
freerdp: out-of-bounds read in gdi.c (CVE-2020-11522)
freerdp: out-of-bounds read in bitmap.c (CVE-2020-11525)
freerdp: Stream pointer out of bounds in update_recv_secondary_order could lead out of bounds read later (CVE-2020-11526)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "freerdp-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2:2.1.1-1.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "vinagre"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.22.0-23.el8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.\n\nThe vinagre packages provide the Vinagre remote desktop viewer for the GNOME desktop.\n\nThe following packages have been upgraded to a later upstream version: freerdp (2.1.1). (BZ#1834287)\n\nSecurity Fix(es):\n\n* freerdp: Out of bound read in cliprdr_server_receive_capabilities (CVE-2020-11018)\n\n* freerdp: Out of bound read/write in usb redirection channel (CVE-2020-11039)\n\n* freerdp: out-of-bounds read in update_read_icon_info function (CVE-2020-11042)\n\n* freerdp: out-of-bounds read in autodetect_recv_bandwidth_measure_results function (CVE-2020-11047)\n\n* freerdp: Out-of-bounds read in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. (CVE-2020-13396)\n\n* freerdp: Out-of-bounds read in security_fips_decrypt in libfreerdp/core/security.c (CVE-2020-13397)\n\n* freerdp: Out of bound read in update_recv could result in a crash (CVE-2020-11019)\n\n* freerdp: Integer overflow in VIDEO channel (CVE-2020-11038)\n\n* freerdp: Out of bound access in clear_decompress_subcode_rlex (CVE-2020-11040)\n\n* freerdp: Unchecked read of array offset in rdpsnd_recv_wave2_pdu (CVE-2020-11041)\n\n* freerdp: out of bound read in rfx_process_message_tileset (CVE-2020-11043)\n\n* freerdp: double free in update_read_cache_bitmap_v3_order function (CVE-2020-11044)\n\n* freerdp: out of bounds read in update_read_bitmap_data function (CVE-2020-11045)\n\n* freerdp: out of bounds seek in update_read_synchronize function could lead out of bounds read (CVE-2020-11046)\n\n* freerdp: out-of-bounds read could result in aborting the session (CVE-2020-11048)\n\n* freerdp: out-of-bound read of client memory that is then passed on to the protocol parser (CVE-2020-11049)\n\n* freerdp: stream out-of-bounds seek in rdp_read_font_capability_set could lead to out-of-bounds read (CVE-2020-11058)\n\n* freerdp: out-of-bounds read in cliprdr_read_format_list function (CVE-2020-11085)\n\n* freerdp: out-of-bounds read in ntlm_read_ntlm_v2_client_challenge function (CVE-2020-11086)\n\n* freerdp: out-of-bounds read in ntlm_read_AuthenticateMessage (CVE-2020-11087)\n\n* freerdp: out-of-bounds read in ntlm_read_NegotiateMessage (CVE-2020-11088)\n\n* freerdp: out-of-bounds read in irp functions (CVE-2020-11089)\n\n* freerdp: out-of-bounds read in gdi.c (CVE-2020-11522)\n\n* freerdp: out-of-bounds read in bitmap.c (CVE-2020-11525)\n\n* freerdp: Stream pointer out of bounds in update_recv_secondary_order could lead out of bounds read later (CVE-2020-11526)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
  "id": "ALSA-2020:4647",
  "modified": "2021-11-12T10:20:56Z",
  "published": "2020-11-03T12:23:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2020-4647.html"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11018"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11019"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11038"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11039"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11040"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11041"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11042"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11043"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11044"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11045"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11046"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11047"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11048"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11049"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11058"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11085"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11086"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11087"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11088"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11089"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11522"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11525"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-11526"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-13396"
    },
    {
      "type": "REPORT",
      "url": "https://vulners.com/cve/CVE-2020-13397"
    }
  ],
  "related": [
    "CVE-2020-11018",
    "CVE-2020-11039",
    "CVE-2020-11042",
    "CVE-2020-11047",
    "CVE-2020-13396",
    "CVE-2020-13397",
    "CVE-2020-11019",
    "CVE-2020-11038",
    "CVE-2020-11040",
    "CVE-2020-11041",
    "CVE-2020-11043",
    "CVE-2020-11044",
    "CVE-2020-11045",
    "CVE-2020-11046",
    "CVE-2020-11048",
    "CVE-2020-11049",
    "CVE-2020-11058",
    "CVE-2020-11085",
    "CVE-2020-11086",
    "CVE-2020-11087",
    "CVE-2020-11088",
    "CVE-2020-11089",
    "CVE-2020-11522",
    "CVE-2020-11525",
    "CVE-2020-11526"
  ],
  "summary": "Moderate: freerdp and vinagre security, bug fix, and enhancement update"
}

GSD-2020-11042

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-11042

Aliases

CVE-2020-11042

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-11042",
    "description": "In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -\u003e 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.",
    "id": "GSD-2020-11042",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-11042.html",
      "https://access.redhat.com/errata/RHSA-2020:4647",
      "https://access.redhat.com/errata/RHSA-2020:4031",
      "https://ubuntu.com/security/CVE-2020-11042",
      "https://advisories.mageia.org/CVE-2020-11042.html",
      "https://security.archlinux.org/CVE-2020-11042",
      "https://linux.oracle.com/cve/CVE-2020-11042.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-11042"
      ],
      "details": "In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -\u003e 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.",
      "id": "GSD-2020-11042",
      "modified": "2023-12-13T01:22:08.079923Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-11042",
        "STATE": "PUBLIC",
        "TITLE": "Out-of-bounds Read in FreeRDP"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "FreeRDP",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003e 1.1, \u003c 2.0.0"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "FreeRDP"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -\u003e 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-125: Out-of-bounds Read"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q",
            "refsource": "CONFIRM",
            "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q"
          },
          {
            "name": "https://github.com/FreeRDP/FreeRDP/issues/6010",
            "refsource": "MISC",
            "url": "https://github.com/FreeRDP/FreeRDP/issues/6010"
          },
          {
            "name": "https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f",
            "refsource": "MISC",
            "url": "https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f"
          },
          {
            "name": "USN-4379-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4379-1/"
          },
          {
            "name": "USN-4382-1",
            "refsource": "UBUNTU",
            "url": "https://usn.ubuntu.com/4382-1/"
          },
          {
            "name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"
          },
          {
            "name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-9jp6-5vf2-cx2q",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.0.0",
                "versionStartExcluding": "1.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-11042"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -\u003e 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-125"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q"
            },
            {
              "name": "https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f"
            },
            {
              "name": "https://github.com/FreeRDP/FreeRDP/issues/6010",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/FreeRDP/FreeRDP/issues/6010"
            },
            {
              "name": "USN-4379-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4379-1/"
            },
            {
              "name": "USN-4382-1",
              "refsource": "UBUNTU",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://usn.ubuntu.com/4382-1/"
            },
            {
              "name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"
            },
            {
              "name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.9,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.8,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 0.7,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2023-10-24T14:04Z",
      "publishedDate": "2020-05-07T19:15Z"
    }
  }
}

CNVD-2020-29357

Vulnerability from cnvd - Published: 2020-05-21

Title

FreeRDP缓冲区溢出漏洞（CNVD-2020-29357）

Description

FreeRDP是FreeRDP团队的一款开源的远程桌面协议（RDP）的实现。 FreeRDP缓冲区溢出漏洞。该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。

Severity

中

Patch Name

FreeRDP缓冲区溢出漏洞（CNVD-2020-29357）的补丁

Patch Description

FreeRDP是FreeRDP团队的一款开源的远程桌面协议（RDP）的实现。 FreeRDP缓冲区溢出漏洞。该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-11042

Impacted products

Name
FreeRDP FreeRDP >1.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11042"
    }
  },
  "description": "FreeRDP\u662fFreeRDP\u56e2\u961f\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u8fdc\u7a0b\u684c\u9762\u534f\u8bae\uff08RDP\uff09\u7684\u5b9e\u73b0\u3002\n\nFreeRDP\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-29357",
  "openTime": "2020-05-21",
  "patchDescription": "FreeRDP\u662fFreeRDP\u56e2\u961f\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u8fdc\u7a0b\u684c\u9762\u534f\u8bae\uff08RDP\uff09\u7684\u5b9e\u73b0\u3002\r\n\r\nFreeRDP\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u5728\u5185\u5b58\u4e0a\u6267\u884c\u64cd\u4f5c\u65f6\uff0c\u672a\u6b63\u786e\u9a8c\u8bc1\u6570\u636e\u8fb9\u754c\uff0c\u5bfc\u81f4\u5411\u5173\u8054\u7684\u5176\u4ed6\u5185\u5b58\u4f4d\u7f6e\u4e0a\u6267\u884c\u4e86\u9519\u8bef\u7684\u8bfb\u5199\u64cd\u4f5c\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5bfc\u81f4\u7f13\u51b2\u533a\u6ea2\u51fa\u6216\u5806\u6ea2\u51fa\u7b49\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "FreeRDP\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2020-29357\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "FreeRDP FreeRDP \u003e1.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-11042",
  "serverity": "\u4e2d",
  "submitTime": "2020-05-08",
  "title": "FreeRDP\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2020-29357\uff09"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-11042 (GCVE-0-2020-11042)

FKIE_CVE-2020-11042

cve-2020-11042

Vulnerability from osv_almalinux

GSD-2020-11042

CNVD-2020-29357

Tags

Sightings

Nomenclature