CVE-2020-11048 Information

Description

In FreeRDP after 1.0 and before 2.0.0 there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

Reference

https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b https://github.com/FreeRDP/FreeRDP/issues/6007 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html https://usn.ubuntu.com/4379-1/ https://usn.ubuntu.com/4382-1/

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

LOW

Base Severity

2.2