First published: Thu May 07 2020(Updated: )
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0.
Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
FreeRDP FreeRDP | >1.1.0<2.0.0 | |
Debian Debian Linux | =9.0 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.10 | |
Canonical Ubuntu Linux | =20.04 | |
Debian Debian Linux | =10.0 | |
debian/freerdp2 | 2.3.0+dfsg1-2+deb11u1 2.10.0+dfsg1-1 2.11.7+dfsg1-6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-11042 is medium (5.9).
The affected software for CVE-2020-11042 includes FreeRDP versions greater than 1.1 and before 2.0.0.
An attacker can exploit CVE-2020-11042 by performing an out-of-bounds read in update_read_icon_info, allowing them to read a potentially large amount of client memory.
To fix CVE-2020-11042, update FreeRDP to version 2.0.0 or above.
You can find more information about CVE-2020-11042 at the following references: [CVE-2020-11042](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11042), [FreeRDP Advisory GHSA-9jp6-5vf2-cx2q](https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q), [Ubuntu Security Notice USN-4379-1](https://ubuntu.com/security/notices/USN-4379-1).