Source: Ubuntu.com (ubuntucve), ID: UB:CVE-2020-15103
Date: Jul 27, 2020 - 12:00 a.m.

CVE-2020-15103

freerdp integer overflow
rdpegfx channel
input sanitation
client denial of service
server coordinates
memcpy
client crash

CVSS2: 3.5
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

CVSS3: 3.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

EPSS: 0.001
Percentile: 43.5%

In FreeRDP versions up to and including 2.1.2, an integer overflow exists due
to missing input sanitization in the rdpegfx channel. All FreeRDP clients are
affected. The input rectangles from the server are not checked against
local surface coordinates and are blindly accepted. A malicious server can send
data that will crash the client later on (invalid length arguments to a
memcpy). This has been fixed in 2.2.0. As a workaround, stop using the command
line arguments /gfx, /gfx-h264 and /network:auto.
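
The kind of check the description says was missing, shown as an added example that is not FreeRDP's code or its actual fix: a server-supplied rectangle is validated against the local surface before any copy length is derived from it, next to an unchecked length calculation for contrast. The type and function names, the packed 4-bytes-per-pixel layout and the sample rectangles are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical types for this example; not FreeRDP's own definitions. */
typedef struct { uint16_t left, top, right, bottom; } rect16;
typedef struct { uint32_t width, height; uint8_t *data; } surface; /* packed rows */
enum { BPP = 4 }; /* bytes per pixel (assumed) */

/* Unchecked: a length taken straight from server-supplied edges. With
 * right < left the 16-bit subtraction wraps to a very large width. */
static size_t row_bytes_unchecked(const rect16 *r)
{
    return (size_t)(uint16_t)(r->right - r->left) * BPP;
}

/* Checked: the rectangle must be ordered, non-empty and inside the surface. */
static bool rect_in_surface(const rect16 *r, const surface *s)
{
    return r->left < r->right && r->top < r->bottom &&
           r->right <= s->width && r->bottom <= s->height;
}

/* Copies a packed tile into the surface; refuses bad rects and short input. */
static bool copy_rect_checked(surface *s, const rect16 *r,
                              const uint8_t *src, size_t src_len)
{
    if (!s || !s->data || !r || !src || !rect_in_surface(r, s))
        return false;
    size_t row = (size_t)(r->right - r->left) * BPP;
    size_t rows = (size_t)(r->bottom - r->top);
    if (src_len / row < rows) /* division avoids overflow in row * rows */
        return false;
    for (size_t y = 0; y < rows; y++)
        memcpy(s->data + ((size_t)(r->top + y) * s->width + r->left) * BPP,
               src + y * row, row);
    return true;
}

int main(void)
{
    uint8_t pixels[8 * 8 * BPP] = {0}, tile[2 * 2 * BPP];
    surface s = { 8, 8, pixels };
    rect16 ok = { 2, 2, 4, 4 }, inverted = { 4, 2, 2, 4 }; /* constructed input */
    memset(tile, 0xAB, sizeof tile);
    printf("unchecked=%zu ok=%d inverted=%d\n", row_bytes_unchecked(&inverted),
           copy_rect_checked(&s, &ok, tile, sizeof tile), copy_rect_checked(&s, &inverted, tile, sizeof tile));
    return 0;
}
```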

Notes

Author: mdeslaur
Note: The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS does not build a server library. This is simply a client denial of service that has a negligible security impact.

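| OS | OS Version | Architecture | Package | Affected Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | freerdp | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | freerdp | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | freerdp2 | < 2.2.0+dfsg1-0ubuntu0.18.04.1 | UNKNOWN |
| ubuntu | 20.04 | noarch | freerdp2 | < 2.2.0+dfsg1-0ubuntu0.20.04.1 | UNKNOWN |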
