What is CVE-2020-11095?

CVE-2020-11095 is a vulnerability in FreeRDP before version 2.1.2 that allows for out-of-bound reads resulting in accessing a memory location outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES.

What is the severity of CVE-2020-11095?

The severity of CVE-2020-11095 is medium with a CVSS score of 5.4.

How can I fix CVE-2020-11095?

To fix CVE-2020-11095, update FreeRDP to version 2.1.2 or later.

Which software versions are affected by CVE-2020-11095?

FreeRDP versions before 2.1.2 are affected by CVE-2020-11095.

Where can I find more information about CVE-2020-11095?

More information about CVE-2020-11095 can be found on the CVE website (cve.mitre.org), the FreeRDP GitHub repository, and the FreeRDP website.

Vulnerability/
CVE-2020-11095

medium

5.5

CWE

125

22/6/2020

7/11/2023

CVE-2020-11095

First published: Mon Jun 22 2020(Updated: )

In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.

Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
FreeRDP FreeRDP	<2.1.2
Fedoraproject Fedora	=31
Fedoraproject Fedora	=32
openSUSE Leap	=15.1
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=20.04
Debian Debian Linux	=10.0
ubuntu/freerdp2	<2.2.0+dfsg1-0ubuntu0.18.04.1	2.2.0+dfsg1-0ubuntu0.18.04.1
ubuntu/freerdp2	<2.2.0+dfsg1-0ubuntu0.20.04.1	2.2.0+dfsg1-0ubuntu0.20.04.1
debian/freerdp2	<=2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2	2.3.0+dfsg1-2+deb10u4 2.3.0+dfsg1-2+deb11u1 2.10.0+dfsg1-1 2.11.2+dfsg1-1 2.11.5+dfsg1-1

Remedy

https://github.com/FreeRDP/FreeRDP/commit/733ee3208306b1ea32697b356c0215180fc3f049

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-4481-1

Frequently Asked Questions

What is CVE-2020-11095?
CVE-2020-11095 is a vulnerability in FreeRDP before version 2.1.2 that allows for out-of-bound reads resulting in accessing a memory location outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES.
What is the severity of CVE-2020-11095?
The severity of CVE-2020-11095 is medium with a CVSS score of 5.4.
How can I fix CVE-2020-11095?
To fix CVE-2020-11095, update FreeRDP to version 2.1.2 or later.
Which software versions are affected by CVE-2020-11095?
FreeRDP versions before 2.1.2 are affected by CVE-2020-11095.
Where can I find more information about CVE-2020-11095?
More information about CVE-2020-11095 can be found on the CVE website (cve.mitre.org), the FreeRDP GitHub repository, and the FreeRDP website.

collector/nvd-api
collector/nvd-index
agent/type
agent/first-publish-date
agent/last-modified-date
collector/launchpad-cve
source/Launchpad
agent/references
agent/remedy
agent/weakness
agent/author
agent/severity
agent/description
agent/tags
agent/event
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/freerdp
canonical/freerdp freerdp
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/31
version/fedoraproject fedora/32
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.1
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/20.04
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
package-manager/debian
package-manager/ubuntu