First published: Thu May 07 2020
In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
FreeRDP FreeRDP | >1.2.0 <2.0.0 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.10 | |
Canonical Ubuntu Linux | =20.04 | |
Debian Debian Linux | =10.0 | |
debian/freerdp2 | 2.3.0+dfsg1-2+deb11u1 2.10.0+dfsg1-1 2.11.7+dfsg1-4 | |
CVE-2020-11044 is a vulnerability in FreeRDP that allows a double free in update_read_cache_bitmap_v3_order to crash the client application if corrupted data from a manipulated server is parsed.
CVE-2020-11044 has a severity rating of 2.2 (low).
Update to FreeRDP version 2.0.0 or higher, which includes the patch for CVE-2020-11044.
You can find more information about CVE-2020-11044 on the MITRE CVE website and the FreeRDP GitHub security advisory.
Yes, Ubuntu versions 18.04, 19.10, and 20.04 are affected by CVE-2020-11044.