First published: Thu May 07 2020(Updated: )
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.
Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/freerdp2 | 2.3.0+dfsg1-2+deb11u1 2.10.0+dfsg1-1 | |
FreeRDP | >1.1.0<2.0.0 | |
Ubuntu Linux | =16.04 | |
Ubuntu Linux | =18.04 | |
Ubuntu Linux | =19.10 | |
Ubuntu Linux | =20.04 | |
Debian GNU/Linux | =10.0 | |
Ubuntu | =16.04 | |
Ubuntu | =18.04 | |
Ubuntu | =19.10 | |
Ubuntu | =20.04 | |
Ubuntu | =18.04 | |
Debian | =10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-11049 is classified as a vulnerability that allows for an out-of-bounds read of client memory.
To mitigate CVE-2020-11049, upgrade FreeRDP to version 2.0.0 or later.
CVE-2020-11049 affects FreeRDP versions after 1.1 and before 2.0.0.
CVE-2020-11049 impacts FreeRDP installations on Debian and Ubuntu versions prior to the necessary upgrades.
CVE-2020-11049 is an out-of-bounds read vulnerability that can potentially compromise the integrity of the protocol parsing process.