freerdp

Description: Free implementation of the Remote Desktop Protocol (RDP)
Version: 2:2.2.0-2 [community]

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1209 | 2:2.1.2-1 | 2:2.2.0-1 | Medium | Fixed | |
| AVG-1193 | 2:2.1.1-1 | 2:2.1.2-1 | High | Fixed | |
| AVG-1172 | 2:2.1.0-1 | 2:2.1.1-1 | High | Fixed | |
| AVG-1131 | 1:2.0.0_rc4-8 | 2:2.0.0-1 | Critical | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2020-15103 | AVG-1209 | Medium | Yes | Denial of service | In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The... |
| CVE-2020-13398 | AVG-1172 | High | No | Information disclosure | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. |
| CVE-2020-13397 | AVG-1172 | High | No | Information disclosure | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in... |
| CVE-2020-13396 | AVG-1172 | High | No | Information disclosure | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in... |
| CVE-2020-11526 | AVG-1131 | High | Yes | Information disclosure | An out-of-bounds read issue has been found in FreeRDP before 2.0.0. |
| CVE-2020-11525 | AVG-1131 | High | Yes | Information disclosure | An out-of-bounds read issue has been found in FreeRDP before 2.0.0. |
| CVE-2020-11524 | AVG-1131 | High | Yes | Arbitrary code execution | An out-of-bounds write issue has been found in the RLEDECOMPRESS function of FreeRDP before 2.0.0. |
| CVE-2020-11523 | AVG-1131 | Low | Yes | Information disclosure | An integer overflow issue has been found in FreeRDP before 2.0.0. |
| CVE-2020-11522 | AVG-1131 | Low | Yes | Information disclosure | An out-of-bounds read has been found in the gdi_multi_opaque_rect function of FreeRDP before 2.0.0. |
| CVE-2020-11521 | AVG-1131 | Critical | Yes | Arbitrary code execution | An out-of-bounds write has been found in FreeRDP before 2.0.0, in the planar_skip_plane_rle function. |
| CVE-2020-11099 | AVG-1193 | Low | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.1.2, in license_read_new_or_upgrade_license_packet(). |
| CVE-2020-11098 | AVG-1193 | Low | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.1.2, in glyph_cache_put. This issue only exists when glyph-cache is enabled, which is not the case... |
| CVE-2020-11097 | AVG-1193 | Low | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.1.2, in ntlm_av_pair_get(). |
| CVE-2020-11096 | AVG-1193 | Low | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.1.2, in update_read_cache_bitmap_v3_order(). |
| CVE-2020-11095 | AVG-1193 | Medium | Yes | Information disclosure | A global out-of-bounds read has been found in FreeRDP before 2.1.2, in update_recv_primary_order. |
| CVE-2020-11049 | AVG-1131 | Low | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.0.0. |
| CVE-2020-11048 | AVG-1131 | Low | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.0.0. |
| CVE-2020-11047 | AVG-1131 | Medium | Yes | Information disclosure | An information disclosure issue has been found in FreeRDP before 2.0.0. |
| CVE-2020-11046 | AVG-1131 | Low | Yes | Denial of service | An out-of-bounds read has been found in FreeRDP before 2.0.0. |
| CVE-2020-11045 | AVG-1131 | Low | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.0.0. |
| CVE-2020-11044 | AVG-1131 | Low | Yes | Denial of service | A double-free issue has been found in FreeRDP before 2.0.0. |
| CVE-2020-11042 | AVG-1131 | High | Yes | Information disclosure | An out-of-bounds read issue has been found in FreeRDP before 2.0.0, allowing an attacker to read a defined amount of client memory (32bit unsigned -> 4GB)... |
| CVE-2020-4033 | AVG-1193 | Low | Yes | Information disclosure | An out-of-bounds read of up to 4 bytes has been found in FreeRDP before 2.1.2, affecting all FreeRDP based clients with sessions with color depth < 32. |
| CVE-2020-4032 | AVG-1193 | Low | Yes | Information disclosure | An integer casting vulnerability leading to an out-of-bounds read has been found in FreeRDP before 2.1.2, in update_recv_secondary_order(), on clients with... |
| CVE-2020-4031 | AVG-1193 | High | Yes | Arbitrary code execution | A use-after-free vulnerability has been found in FreeRDP before 2.1.2, in gdi_SelectObject(). Clients using compatibility mode enabled with... |
| CVE-2020-4030 | AVG-1193 | Medium | Yes | Information disclosure | An out-of-bounds read has been found in FreeRDP before 2.1.2, where logging might bypass string length checks due to an integer overflow. |

Advisories

| Date | Advisory | Group | Severity | Description |
|---|---|---|---|---|
| 28 Jun 2020 | ASA-202006-15 | AVG-1193 | High | multiple issues |
| 23 May 2020 | ASA-202005-16 | AVG-1172 | High | information disclosure |