What is CVE-2020-4030?

CVE-2020-4030 is a vulnerability in FreeRDP before version 2.1.2 that allows an out of bounds read in TrioParse, which can bypass string length checks.

What is the severity of CVE-2020-4030?

The severity of CVE-2020-4030 is medium, with a severity value of 6.5.

How does CVE-2020-4030 affect FreeRDP?

CVE-2020-4030 affects FreeRDP versions before 2.1.2, allowing for an out of bounds read in TrioParse.

Is there a fix for CVE-2020-4030?

Yes, the vulnerability is fixed in FreeRDP version 2.1.2.

Where can I find more information about CVE-2020-4030?

You can find more information about CVE-2020-4030 at the MITRE CVE database (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4030), the FreeRDP security advisories on GitHub (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98), and the FreeRDP website (http://www.freerdp.com/2020/06/22/2_1_2-released).

Vulnerability/
CVE-2020-4030

medium

6.5

CWE

125 190

22/6/2020

7/11/2023

CVE-2020-4030: Integer Overflow

First published: Mon Jun 22 2020(Updated: )

In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.

Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
FreeRDP FreeRDP	<2.1.2
Fedoraproject Fedora	=31
Fedoraproject Fedora	=32
openSUSE Leap	=15.1
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=20.04
Debian Debian Linux	=10.0
ubuntu/freerdp2	<2.2.0+dfsg1-0ubuntu0.18.04.1	2.2.0+dfsg1-0ubuntu0.18.04.1
ubuntu/freerdp2	<2.2.0+dfsg1-0ubuntu0.20.04.1	2.2.0+dfsg1-0ubuntu0.20.04.1
debian/freerdp2	<=2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2	2.3.0+dfsg1-2+deb10u4 2.3.0+dfsg1-2+deb11u1 2.10.0+dfsg1-1 2.11.2+dfsg1-1 2.11.5+dfsg1-1

Remedy

https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-4481-1

Frequently Asked Questions

What is CVE-2020-4030?
CVE-2020-4030 is a vulnerability in FreeRDP before version 2.1.2 that allows an out of bounds read in TrioParse, which can bypass string length checks.
What is the severity of CVE-2020-4030?
The severity of CVE-2020-4030 is medium, with a severity value of 6.5.
How does CVE-2020-4030 affect FreeRDP?
CVE-2020-4030 affects FreeRDP versions before 2.1.2, allowing for an out of bounds read in TrioParse.
Is there a fix for CVE-2020-4030?
Yes, the vulnerability is fixed in FreeRDP version 2.1.2.
Where can I find more information about CVE-2020-4030?
You can find more information about CVE-2020-4030 at the MITRE CVE database (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4030), the FreeRDP security advisories on GitHub (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98), and the FreeRDP website (http://www.freerdp.com/2020/06/22/2_1_2-released).

collector/nvd-api
collector/nvd-index
agent/type
agent/first-publish-date
agent/last-modified-date
collector/launchpad-cve
source/Launchpad
collector/nvd-cve
source/NVD
agent/software-canonical-lookup
agent/tags
agent/event
agent/severity
agent/references
agent/remedy
agent/author
agent/description
agent/weakness
collector/security-tracker-debian
source/Debian
agent/softwarecombine
collector/usn-cve
source/Ubuntu
vendor/freerdp
canonical/freerdp freerdp
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/31
version/fedoraproject fedora/32
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.1
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/20.04
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
package-manager/debian
package-manager/ubuntu