VYPR

Freerdp

by Freerdp

Source repositories

CVEs (172)

  • CVE-2020-11040May 29, 2020
    risk 0.00cvss epss 0.02

    In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0.

  • CVE-2020-11017May 29, 2020
    risk 0.00cvss epss 0.02

    In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0.

  • CVE-2020-11038May 29, 2020
    risk 0.00cvss epss 0.01

    In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later…

  • CVE-2020-11019May 29, 2020
    risk 0.00cvss epss 0.03

    In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0.

  • CVE-2020-11086May 29, 2020
    risk 0.00cvss epss 0.01

    In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0.

  • CVE-2020-11039May 29, 2020
    risk 0.00cvss epss 0.01

    In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0.

  • CVE-2020-11087May 29, 2020
    risk 0.00cvss epss 0.01

    In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0.

  • CVE-2020-11089May 29, 2020
    risk 0.00cvss epss 0.01

    In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0.

  • CVE-2020-11018May 29, 2020
    risk 0.00cvss epss 0.02

    In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0.

  • CVE-2020-13396May 22, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.

  • CVE-2020-13398May 22, 2020
    risk 0.00cvss epss 0.02

    An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.

  • CVE-2020-13397May 22, 2020
    risk 0.00cvss epss 0.01

    An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.

  • CVE-2020-11526May 15, 2020
    risk 0.00cvss epss 0.02

    libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.

  • CVE-2020-11525May 15, 2020
    risk 0.00cvss epss 0.02

    libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.

  • CVE-2020-11524May 15, 2020
    risk 0.00cvss epss 0.02

    libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.

  • CVE-2020-11523May 15, 2020
    risk 0.00cvss epss 0.02

    libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.

  • CVE-2020-11522May 15, 2020
    risk 0.00cvss epss 0.03

    libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.

  • CVE-2020-11521May 15, 2020
    risk 0.00cvss epss 0.02

    libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.

  • CVE-2020-11058May 12, 2020
    risk 0.00cvss epss 0.02

    In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.

  • CVE-2020-11045May 7, 2020
    risk 0.00cvss epss 0.02

    In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in in update_read_bitmap_data that allows client memory to be read to an image buffer. The result displayed on screen as colour.

Page 8 of 9