CVE-2020-11045

 

Published at: - 07-05-2020 09:15

Last modified: - 01-07-2022 07:21

Total changes: - 2

Description

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:L

 

Verification logic

 

Reference

• https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637
• https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
• https://github.com/FreeRDP/FreeRDP/issues/6005
• USN-4379-1-Third Party Advisory
• USN-4382-1-Third Party Advisory
• [debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update-Third Party Advisory

 

Keywords

NVD

 

CVE-2020-11045

 

CVE

 

Common vulnerabilities & exposures

 

CVSS

 

Common vulnerability scoring system

 

Security

 

Vulnerabilities

 

Exposures