English | Deutsch | Español
 
Home ▼
Home About Us Contact Us Privacy Partner Programs Testimonials In Press Mailing Lists Abuse Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Security
Audits ▼
Home Dedicated audits Advanced audits Standard audits Recurring audits No Risk audits Desktop audits Basic audit Security Seal FAQ Price/Feature Summary Order New Tests All Tests Confidentiality Vulnerability search Run Audit Scheduler IP Permissions Audit Configuration Editor Scan Queue Reminder Notification Schedule Seal Reports Reports Style Editor
Managed
DNS ▼
About Order FAQ Acceptable Use Policy Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password
Network
Monitor ▼
Enterprise Package Advanced Package Standard Package Free Trial FAQ Price/Feature Summary Order/Renew Examples
Configure/Status Alert Profiles
Research
Reports ▼
Home FAQ Glossary Archive
 Login/Register 
 
 Vulnerability   
Search   		     Search 324607 CVE descriptions
and 145615 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.113703
Category:General
Title:FreeRDP < 2.1.0 Multiple Vulnerabilities
Summary:FreeRDP is prone to multiple vulnerabilities.
Description:Summary:
FreeRDP is prone to multiple vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- By providing manipulated input a malicious client can
create a double free condition and crash the server. (CVE-2020-11017)

- Malicious clients could trigger out of bound reads
causing memory allocation with random size. (CVE-2020-11018)

- When running with logger set to 'WLOG_TRACE', a possible crash of application could occur
due to a read of an invalid array index. Data could be printed as string to local terminal. (CVE-2020-11019)

- When using /video redirection, a manipulated server can instruct the client
to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation.
With later messages, the server can manipulate the client
to write data out of bound to the previously allocated buffer. (CVE-2020-11038)

- When using a manipulated server with USB redirection enabled,
arbitrary memory can be read and written due to integer overflows in length checks. (CVE-2020-11039)

- There is an out-of-bound data read from memory
in clear_decompress_subcode_rlex, visualized on screen as color. (CVE-2020-11040)

- An outside controlled array index is used unchecked for data used as configuration for sound backend.
The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect.
If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. (CVE-2020-11041)

- There is an out-of-bounds read in rfx_process_message_tileset.
Invalid data fed to RFX decoder results in garbage on screen (as colors). (CVE-2020-11043)

- There is an out-of-bounds read in cliprdr_read_format_list.
Clipboard format data read (by client or server) might read data out-of-bounds. (CVE-2020-11085)

- There is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge
that reads up to 28 bytes out-of-bound to an internal structure. (CVE-2020-11086)

- There is an out-of-bound read in ntlm_read_AuthenticateMessage. (CVE-2020-11087)

- There is an out-of-bound read in ntlm_read_NegotiateMessage. (CVE-2020-11088)

- There is an out-of-bound read in irp functions
(parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write,
printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). (CVE-2020-11089)

Vulnerability Impact:
Successful exploitation would allow an attacker to
read sensitive information, crash the application or gain control over the target system.

Affected Software/OS:
FreeRDP through version 2.0.0.

Solution:
Update to version 2.1.0 or later.

CVSS Score:
6.0

CVSS Vector:
AV:N/AC:M/Au:S/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-11017
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
SuSE Security Announcement: openSUSE-SU-2020:1090 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
Common Vulnerability Exposure (CVE) ID: CVE-2020-11018
Common Vulnerability Exposure (CVE) ID: CVE-2020-11019
Common Vulnerability Exposure (CVE) ID: CVE-2020-11038
Common Vulnerability Exposure (CVE) ID: CVE-2020-11039
Common Vulnerability Exposure (CVE) ID: CVE-2020-11040
Common Vulnerability Exposure (CVE) ID: CVE-2020-11041
Common Vulnerability Exposure (CVE) ID: CVE-2020-11043
Common Vulnerability Exposure (CVE) ID: CVE-2020-11085
https://github.com/FreeRDP/FreeRDP/commit/b73143cf7ee5fe4cdabcbf56908aa15d8a883821
Common Vulnerability Exposure (CVE) ID: CVE-2020-11086
https://github.com/FreeRDP/FreeRDP/commit/c098f21fdaadca57ff649eee1674f6cc321a2ec4
Common Vulnerability Exposure (CVE) ID: CVE-2020-11087
https://github.com/FreeRDP/FreeRDP/commit/8241ab42fdf0cc89cf69fc574bf6360c9977a0d4
Common Vulnerability Exposure (CVE) ID: CVE-2020-11088
https://github.com/FreeRDP/FreeRDP/commit/8fa38359634a9910b91719818ab02f23c320dbae
Common Vulnerability Exposure (CVE) ID: CVE-2020-11089
https://github.com/FreeRDP/FreeRDP/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16
https://github.com/FreeRDP/FreeRDP/commit/795842f4096501fcefc1a7f535ccc8132feb31d7
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.



© 1998-2025 E-Soft Inc. All rights reserved.