CVE-2020-13397

Published: May 22, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.

Affected (8)

Products: Freerdp: Freerdp · Canonical: Ubuntu Linux · Debian: Debian Linux · +1 more

Show all products

Freerdp: Freerdp · Canonical: Ubuntu Linux · Debian: Debian Linux · Opensuse: Leap

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Freerdp Freerdp	Before 2.1.1

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.10
Canonical Ubuntu Linux	Version 20.04
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0
Opensuse Leap	Version 15.1

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (16)

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html

Source: cve@mitre.org

Third Party Advisory

https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69

Source: cve@mitre.org

Third Party Advisory

https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1

Source: cve@mitre.org

Release NotesThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4379-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4382-1/

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4379-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4382-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.