Vulnerability Details : CVE-2020-11521

libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.

Vulnerability category: Overflow

Published 2020-05-15 17:15:12

Updated 2022-04-26 20:36:34

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-11521

Probability of exploitation activity in the next 30 days: 0.37%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 69 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.0	MEDIUM	AV:N/AC:M/Au:S/C:P/I:P/A:P	6.8	6.4	nvd@nist.gov
Access Vector: Network Access Complexity: Medium Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
6.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	0.7	5.9	nvd@nist.gov
Attack Vector: Network Attack Complexity: High Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Assigned by: nvd@nist.gov (Primary)

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w

Out-of-bounds write in planar.c · Advisory · FreeRDP/FreeRDP · GitHub
Patch;Third Party Advisory
https://usn.ubuntu.com/4382-1/

USN-4382-1: FreeRDP vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf

Exploit;Vendor Advisory
https://usn.ubuntu.com/4379-1/

USN-4379-1: FreeRDP vulnerabilities | Ubuntu security notices
Third Party Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html

[SECURITY] [DLA 2356-1] freerdp security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://github.com/FreeRDP/FreeRDP/commits/master

Commits · FreeRDP/FreeRDP · GitHub
Patch;Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html

[security-announce] openSUSE-SU-2020:1090-1: important: Security update
Mailing List;Third Party Advisory

CVEs referencing this url

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 18.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 19.10
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 16.04 ESM Edition
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 20.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Matching versions
Opensuse » Leap » Version: 15.1
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Matching versions
Freerdp » Freerdp
Versions after (>) 1.0.0 and before (<) 2.0.0
cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
Matching versions
Freerdp » Freerdp » Version: 2.0.0
cpe:2.3:a:freerdp:freerdp:2.0.0:-:*:*:*:*:*:*
Matching versions
Freerdp » Freerdp » Version: 2.0.0 Update RC0
cpe:2.3:a:freerdp:freerdp:2.0.0:rc0:*:*:*:*:*:*
Matching versions
Freerdp » Freerdp » Version: 2.0.0 Update RC1
cpe:2.3:a:freerdp:freerdp:2.0.0:rc1:*:*:*:*:*:*
Matching versions
Freerdp » Freerdp » Version: 2.0.0 Update RC2
cpe:2.3:a:freerdp:freerdp:2.0.0:rc2:*:*:*:*:*:*
Matching versions
Freerdp » Freerdp » Version: 2.0.0 Update RC3
cpe:2.3:a:freerdp:freerdp:2.0.0:rc3:*:*:*:*:*:*
Matching versions
Freerdp » Freerdp » Version: 2.0.0 Update RC4
cpe:2.3:a:freerdp:freerdp:2.0.0:rc4:*:*:*:*:*:*
Matching versions