Lucene search

K

Veracode Vulnerability DatabaseVERACODE:25200

HistoryMay 08, 2020 - 4:37 a.m.

Out-of-bound Reads

2020-05-0804:37:30

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

EPSS

0.016

Percentile

87.7%

FreeRDP is vulnerable to out-of-bound (OOB) reads. The vulnerability exists because it does not properly handle the update_read_icon_info data boundary checks, leading to a leakage of amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer and crashing an application or unauthorized storage of information for later retrieval.

References

github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f

github.com/FreeRDP/FreeRDP/issues/6010

github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q

lists.debian.org/debian-lts-announce/2020/08/msg00054.html

usn.ubuntu.com/4379-1/

usn.ubuntu.com/4382-1/

EPSS

0.016

Percentile

87.7%

Related for VERACODE:25200

cvelist1 prion1 ubuntucve1 debiancve1 redhatcve1 osv6 nvd1 cve1 nessus23 openvas11 ubuntu3 debian2 oraclelinux2 almalinux1 centos1 amazon1 rocky1 redhat2 mageia1