Shodan
Vulnerabilities
Vulnerable Software
Freerdp:  >> Freerdp  Security Vulnerabilities
CVE-2020-11525
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.
CVSS Score
2.2
EPSS Score
0.022
Published
2020-05-15
CVE-2020-11526
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.
CVSS Score
2.2
EPSS Score
0.002
Published
2020-05-15
CVE-2020-11521
libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.
CVSS Score
6.6
EPSS Score
0.014
Published
2020-05-15
CVE-2020-11522
libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.
CVSS Score
6.5
EPSS Score
0.01
Published
2020-05-15
CVE-2020-11523
libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.
CVSS Score
6.6
EPSS Score
0.014
Published
2020-05-15
CVE-2020-11058
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.
CVSS Score
2.2
EPSS Score
0.001
Published
2020-05-12
CVE-2020-11047
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-05-07
CVE-2020-11048
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.
CVSS Score
2.2
EPSS Score
0.001
Published
2020-05-07
CVE-2020-11049
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.
CVSS Score
5.5
EPSS Score
0.002
Published
2020-05-07
CVE-2020-11042
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.
CVSS Score
5.5
EPSS Score
0.001
Published
2020-05-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved