CVE-2020-15103: Integer Overflow in FreeRDP
First published: Mon Jul 27 2020(Updated: )
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto
Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeRDP FreeRDP | <=2.1.2 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 | |
| openSUSE Leap | =15.1 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =20.04 | |
| Debian Debian Linux | =10.0 | |
| debian/freerdp2 | 2.3.0+dfsg1-2+deb11u1 2.10.0+dfsg1-1 2.11.7+dfsg1-4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.html
- https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4
- https://github.com/FreeRDP/FreeRDP/pull/6382
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/
- https://usn.ubuntu.com/4481-1/
- https://launchpad.net/bugs/cve/CVE-2020-15103
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/
- https://github.com/FreeRDP/FreeRDP/pull/6381
- https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924
- https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e
- https://security-tracker.debian.org/tracker/CVE-2020-15103
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15103
- https://nvd.nist.gov/vuln/detail/CVE-2020-15103
- https://ubuntu.com/security/CVE-2020-15103
Frequently Asked Questions
What is CVE-2020-15103?
CVE-2020-15103 is a vulnerability in FreeRDP less than or equal to version 2.1.2 that allows an integer overflow due to missing input sanitation in the rdpegfx channel.
Which software is affected by CVE-2020-15103?
All FreeRDP clients are affected by CVE-2020-15103.
What is the severity of CVE-2020-15103?
CVE-2020-15103 has a severity rating of low with a CVSS score of 3.5.
How can I fix CVE-2020-15103?
To fix CVE-2020-15103, update FreeRDP to version 2.2.0+dfsg1-0ubuntu0.18.04.1 or later.
Where can I find more information about CVE-2020-15103?
More information about CVE-2020-15103 can be found at the following references: [CVE-2020-15103](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15103), [GitHub Pull Request](https://github.com/FreeRDP/FreeRDP/pull/6381), [Ubuntu Security Notice USN-4481-1](https://ubuntu.com/security/notices/USN-4481-1).
- collector/nvd-api
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/remedy
- agent/author
- agent/description
- agent/weakness
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/event
- agent/tags
- collector/usn-cve
- source/Ubuntu
- vendor/freerdp
- canonical/freerdp freerdp
- version/freerdp freerdp/2.1.2
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/20.04
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- package-manager/debian