3.5
CVE-2020-11525
- EPSS 1.68%
- Veröffentlicht 15.05.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 04:58:04
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version19.10
Canonical ≫ Ubuntu Linux Version20.04 SwEditionlts
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.68% | 0.739 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.2 | 0.7 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:N/A:P
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html
https://usn.ubuntu.com/4379-1/
https://usn.ubuntu.com/4382-1/
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
https://github.com/FreeRDP/FreeRDP/commits/master
https://github.com/FreeRDP/FreeRDP/pull/6019/commits/58dc36b3c883fd460199cedb6d30e58eba58298c
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
https://pub.freerdp.com/cve/CVE-2020-11525/pocAnalysis_1.pdf