Integer Overflow in FreeRDP
CVE-2020-11039

8HIGH

Key Information:

Vendor

Freerdp

Status
Freerdp
Vendor
CVE Published:
29 May 2020

What is CVE-2020-11039?

In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FreeRDP <= 2.0.0

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GH...
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg0...
mailing-list

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.