rpm package
almalinux/freerdp-devel
pkg:rpm/almalinux/freerdp-devel
Vulnerabilities (98)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-11040 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 29, 2020 | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. | ||
| CVE-2020-11039 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 29, 2020 | In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0. | ||
| CVE-2020-11038 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 29, 2020 | In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later me | ||
| CVE-2020-11019 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 29, 2020 | In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. | ||
| CVE-2020-11018 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 29, 2020 | In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. | ||
| CVE-2020-13397 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 22, 2020 | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. | ||
| CVE-2020-13396 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 22, 2020 | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. | ||
| CVE-2020-11526 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 15, 2020 | libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. | ||
| CVE-2020-11525 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 15, 2020 | libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. | ||
| CVE-2020-11522 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 15, 2020 | libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. | ||
| CVE-2020-11058 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 12, 2020 | In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0. | ||
| CVE-2020-11049 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 7, 2020 | In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0. | ||
| CVE-2020-11048 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 7, 2020 | In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0. | ||
| CVE-2020-11047 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 7, 2020 | In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This ha | ||
| CVE-2020-11046 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 7, 2020 | In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. | ||
| CVE-2020-11045 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 7, 2020 | In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour. | ||
| CVE-2020-11044 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 7, 2020 | In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0. | ||
| CVE-2020-11042 | — | < 2:2.1.1-1.el8 | 2:2.1.1-1.el8 | May 7, 2020 | In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for lat |
- CVE-2020-11040May 29, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0.
- CVE-2020-11039May 29, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0.
- CVE-2020-11038May 29, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later me
- CVE-2020-11019May 29, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0.
- CVE-2020-11018May 29, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0.
- CVE-2020-13397May 22, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
- CVE-2020-13396May 22, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
- CVE-2020-11526May 15, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.
- CVE-2020-11525May 15, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.
- CVE-2020-11522May 15, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.
- CVE-2020-11058May 12, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.
- CVE-2020-11049May 7, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.
- CVE-2020-11048May 7, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.
- CVE-2020-11047May 7, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This ha
- CVE-2020-11046May 7, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.
- CVE-2020-11045May 7, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour.
- CVE-2020-11044May 7, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.
- CVE-2020-11042May 7, 2020affected < 2:2.1.1-1.el8fixed 2:2.1.1-1.el8
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading a attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for lat
Page 5 of 5