First published: Fri May 22 2020(Updated: )
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
FreeRDP FreeRDP | <2.1.1 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.10 | |
Canonical Ubuntu Linux | =20.04 | |
Debian Debian Linux | =9.0 | |
openSUSE Leap | =15.1 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Debian Debian Linux | =10.0 | |
debian/freerdp2 | 2.3.0+dfsg1-2+deb11u1 2.10.0+dfsg1-1 2.11.7+dfsg1-4 2.11.7+dfsg1-6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-13396 is an out-of-bounds (OOB) read vulnerability in FreeRDP before version 2.1.1.
FreeRDP versions before 2.1.1 are affected by CVE-2020-13396.
CVE-2020-13396 has a severity rating of 7.1 (high).
To fix CVE-2020-13396, update FreeRDP to version 2.1.1 or later.
You can find more information about CVE-2020-13396 on the CVE website (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13396) and the FreeRDP GitHub page.