Lucene search

GitHub_MCVELIST:CVE-2020-11046

HistoryMay 07, 2020 - 12:00 a.m.

CVE-2020-11046 Improper Restriction of Operations within the Bounds of a Memory Buffer in FreeRDP

2020-05-0700:00:00

CWE-119

GitHub_M

www.cve.org

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

6.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.2%

JSON

In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.

CNA Affected

[
  {
    "vendor": "FreeRDP",
    "product": "FreeRDP",
    "versions": [
      {
        "version": "> 1.0, < 2.0.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37

github.com/FreeRDP/FreeRDP/issues/6006

github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q

lists.debian.org/debian-lts-announce/2020/08/msg00054.html

lists.debian.org/debian-lts-announce/2023/10/msg00008.html

usn.ubuntu.com/4379-1/

usn.ubuntu.com/4382-1/

5.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L

6.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.2%

JSON

Related for CVELIST:CVE-2020-11046