Vulnerability Details CVE-2020-11099
In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.9%
CVSS Severity
CVSS v3 Score 3.5
CVSS v2 Score 6.4
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
- http://www.freerdp.com/2020/06/22/2_1_2-released
- https://github.com/FreeRDP/FreeRDP/commit/6ade7b4cbfd71c54b3d724e8f2d6ac76a58e879a
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/
- https://usn.ubuntu.com/4481-1/
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
- http://www.freerdp.com/2020/06/22/2_1_2-released
- https://github.com/FreeRDP/FreeRDP/commit/6ade7b4cbfd71c54b3d724e8f2d6ac76a58e879a
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/
- https://usn.ubuntu.com/4481-1/
Products affected by CVE-2020-11099
-
cpe:2.3:a:freerdp:freerdp:-
-
cpe:2.3:a:freerdp:freerdp:1.0.0
-
cpe:2.3:a:freerdp:freerdp:1.0.1
-
cpe:2.3:a:freerdp:freerdp:1.0.2
-
cpe:2.3:a:freerdp:freerdp:1.1.0
-
cpe:2.3:a:freerdp:freerdp:1.2.0
-
cpe:2.3:a:freerdp:freerdp:2.0.0
-
cpe:2.3:a:freerdp:freerdp:2.1.0
-
cpe:2.3:a:freerdp:freerdp:2.1.1
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:20.04
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:fedoraproject:fedora:31
-
cpe:2.3:o:fedoraproject:fedora:32
-
cpe:2.3:o:opensuse:leap:15.1