CVE-2020-11042

EUVD-2020-3426
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount of client memory (32-bit unsigned length, up to 4 GB) into an intermediate buffer. This can be used to crash the client or to store information for later retrieval. This has been patched in 2.0.0.
Provider   Type      Base Score   Atk. Vector   Atk. Complexity   Priv. Required   Vector
NIST       Primary   5.5 MEDIUM   NETWORK       HIGH              HIGH             CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
GitHub_M   CNA       5.5 MEDIUM   NETWORK       HIGH              HIGH             CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L
Base Score (CVSS 3.x): 5.5 MEDIUM
EPSS Score: Percentile 31%
Affected Products (NVD)
Vendor      Product        Version
freerdp     freerdp        1.1.0 < x < 2.0.0
debian      debian_linux   9.0
debian      debian_linux   10.0
canonical   ubuntu_linux   16.04
canonical   ubuntu_linux   18.04
canonical   ubuntu_linux   19.10
canonical   ubuntu_linux   20.04
x = vulnerable software versions
Debian Releases
Product    Codename   Version                 Status
freerdp2   bookworm   2.10.0+dfsg1-1          fixed
freerdp2   bullseye   2.3.0+dfsg1-2+deb11u1   fixed
freerdp2   sid        2.11.7+dfsg1-4          fixed
freerdp2   trixie     2.11.7+dfsg1-4          fixed
Ubuntu Releases
Product    Codename   Status
freerdp    bionic     Fixed 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2 (released)
freerdp    eoan       dne
freerdp    focal      dne
freerdp    groovy     dne
freerdp    trusty     dne
freerdp    xenial     Fixed 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4 (released)
freerdp2   bionic     Fixed 2.1.1+dfsg1-0ubuntu0.18.04.1 (released)
freerdp2   eoan       Fixed 2.1.1+dfsg1-0ubuntu0.19.10.1 (released)
freerdp2   focal      Fixed 2.1.1+dfsg1-0ubuntu0.20.04.1 (released)
freerdp2   groovy     not-affected
freerdp2   trusty     dne
freerdp2   xenial     dne