First published: Fri May 22 2020(Updated: )
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
FreeRDP FreeRDP | <2.1.1 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.10 | |
Canonical Ubuntu Linux | =20.04 | |
Debian Debian Linux | =9.0 | |
openSUSE Leap | =15.1 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Debian Debian Linux | =10.0 | |
debian/freerdp2 | 2.3.0+dfsg1-2+deb11u1 2.10.0+dfsg1-1 2.11.7+dfsg1-6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2020-13397 is medium with a CVSS score of 5.5.
CVE-2020-13397 affects FreeRDP versions before 2.1.1.
CVE-2020-13397 is an out-of-bounds (OOB) read vulnerability in security_fips_decrypt in libfreerdp/core/security.c.
To fix CVE-2020-13397 in Ubuntu, update the freerdp package to version 2.1.1+dfsg1-0ubuntu0.18.04.1 or later.
Yes, you can find more information about CVE-2020-13397 at the following references: [reference 1](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13397), [reference 2](https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69), [reference 3](https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1).