Vulnerability Details : CVE-2020-11526
libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2020-11526
Probability of exploitation activity in the next 30 days: 0.13%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 47 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2020-11526
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
3.5
|
LOW | AV:N/AC:M/Au:S/C:N/I:N/A:P |
6.8
|
2.9
|
nvd@nist.gov |
|
2.2
|
LOW | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
0.7
|
1.4
|
nvd@nist.gov |
CWE ids for CVE-2020-11526
-
The product reads data past the end, or before the beginning, of the intended buffer.Assigned by: nvd@nist.gov (Primary)
-
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-11526
-
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
Stream pointer out of bounds in update_recv_secondary_order could lead out of bounds read later · Advisory · FreeRDP/FreeRDP · GitHubPatch;Third Party Advisory
-
https://usn.ubuntu.com/4382-1/
USN-4382-1: FreeRDP vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://pub.freerdp.com/cve/CVE-2020-11526/pocAnalysis_4.pdf
Exploit;Vendor Advisory
-
https://usn.ubuntu.com/4379-1/
USN-4379-1: FreeRDP vulnerabilities | Ubuntu security noticesThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html
[SECURITY] [DLA 2356-1] freerdp security updateMailing List;Third Party Advisory
-
https://github.com/FreeRDP/FreeRDP/commits/master
Commits · FreeRDP/FreeRDP · GitHubPatch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
[security-announce] openSUSE-SU-2020:1090-1: important: Security updateMailing List;Third Party Advisory
Products affected by CVE-2020-11526
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:2.0.0:-:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:2.0.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:2.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:2.0.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:freerdp:freerdp:2.0.0:rc4:*:*:*:*:*:*