freerdp

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Free implementation of the Remote Desktop Protocol (RDP)
Version 2:2.4.1-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2488 2:2.4.0-2 2:2.4.1-1 Medium Fixed
AVG-2227 2:2.3.2-1 Medium Not affected
AVG-1209 2:2.1.2-1 2:2.2.0-1 Medium Fixed
AVG-1193 2:2.1.1-1 2:2.1.2-1 High Fixed
AVG-1172 2:2.1.0-1 2:2.1.1-1 High Fixed
AVG-1131 1:2.0.0_rc4-8 2:2.0.0-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2021-41160 AVG-2488 Medium Yes Arbitrary code execution
A security issue has been found in FreeRDP before version 2.4.1. A malicious server might trigger out of bound writes in a connected client.  Connections...
CVE-2021-41159 AVG-2488 Medium Yes Arbitrary code execution
A security issue has been found in FreeRDP before version 2.4.1. Improper client input validation for gateway connections (/gt:rpc) allows a malicious...
CVE-2021-37595 AVG-2227 Medium Yes Insufficient validation
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE...
CVE-2021-37594 AVG-2227 Medium Yes Insufficient validation
In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE...
CVE-2020-15103 AVG-1209 Medium Yes Denial of service
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The...
CVE-2020-13398 AVG-1172 High No Information disclosure
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
CVE-2020-13397 AVG-1172 High No Information disclosure
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in...
CVE-2020-13396 AVG-1172 High No Information disclosure
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in...
CVE-2020-11526 AVG-1131 High Yes Information disclosure
An out-of-bounds read issue has been found in FreeRDP before 2.0.0.
CVE-2020-11525 AVG-1131 High Yes Information disclosure
An out-of-bounds read issue has been found in FreeRDP before 2.0.0.
CVE-2020-11524 AVG-1131 High Yes Arbitrary code execution
An out-of-bounds write issue has been found in the RLEDECOMPRESS function of FreeRDP before 2.0.0.
CVE-2020-11523 AVG-1131 Low Yes Information disclosure
An integer overflow issue has been found in FreeRDP before 2.0.0.
CVE-2020-11522 AVG-1131 Low Yes Information disclosure
An out-of-bounds read has been found in the gdi_multi_opaque_rect function of FreeRDP before 2.0.0.
CVE-2020-11521 AVG-1131 Critical Yes Arbitrary code execution
An out-of-bounds write has been found in FreeRDP before 2.0.0, in the planar_skip_plane_rle function.
CVE-2020-11099 AVG-1193 Low Yes Information disclosure
An out-of-bounds read has been found in FreeRDP before 2.1.2, in license_read_new_or_upgrade_license_packet().
CVE-2020-11098 AVG-1193 Low Yes Information disclosure
An out-of-bounds read has been found in FreeRDP before 2.1.2, in glyph_cache_put. This issue only exists when glyph-cache is enabled, which is not the case...
CVE-2020-11097 AVG-1193 Low Yes Information disclosure
An out-of-bounds read has been found in FreeRDP before 2.1.2, in ntlm_av_pair_get().
CVE-2020-11096 AVG-1193 Low Yes Information disclosure
An out-of-bounds read has been found in FreeRDP before 2.1.2, in update_read_cache_bitmap_v3_order().
CVE-2020-11095 AVG-1193 Medium Yes Information disclosure
A global out-of-bounds read has been found in FreeRDP before 2.1.2, in update_recv_primary_order.
CVE-2020-11049 AVG-1131 Low Yes Information disclosure
An out-of-bounds read has been found in FreeRDP before 2.0.0.
CVE-2020-11048 AVG-1131 Low Yes Information disclosure
An out-of-bounds read has been found in FreeRDP before 2.0.0.
CVE-2020-11047 AVG-1131 Medium Yes Information disclosure
An information disclosure issue has been found in FreeRDP before 2.0.0.
CVE-2020-11046 AVG-1131 Low Yes Denial of service
An out-of-bounds read has been found in FreeRDP before 2.0.0.
CVE-2020-11045 AVG-1131 Low Yes Information disclosure
An out-of-bounds read has been found in FreeRDP before 2.0.0.
CVE-2020-11044 AVG-1131 Low Yes Denial of service
A double-free issue has been found in FreeRDP before 2.0.0.
CVE-2020-11042 AVG-1131 High Yes Information disclosure
An out-of-bounds read issue has been found in FreeRDP before 2.0.0, allowing an attacker to read a defined amount of client memory (32bit unsigned -> 4GB)...
CVE-2020-4033 AVG-1193 Low Yes Information disclosure
An out-of-bounds read of up to 4 bytes has been found in FreeRDP before 2.1.2, affecting all FreeRDP based clients with sessions with color depth < 32.
CVE-2020-4032 AVG-1193 Low Yes Information disclosure
An integer casting vulnerability leading to an out-of-bounds read has been found in FreeRDP before 2.1.2, in update_recv_secondary_order(), on clients with...
CVE-2020-4031 AVG-1193 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in FreeRDP before 2.1.2, in gdi_SelectObject(). Clients using compatibility mode enabled with...
CVE-2020-4030 AVG-1193 Medium Yes Information disclosure
An out-of-bounds read has been found in FreeRDP before 2.1.2, where logging might bypass string length checks due to an integer overflow.

Advisories

Date Advisory Group Severity Type
28 Jun 2020 ASA-202006-15 AVG-1193 High multiple issues
23 May 2020 ASA-202005-16 AVG-1172 High information disclosure