CVE-2020-13398

Published: May 22, 2020Modified: Nov 21, 2024

8.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Exploitability: 2.8 / Impact: 5.5

Source: NVD

Description

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.

Affected (8)

Products: Freerdp: Freerdp · Canonical: Ubuntu Linux · Debian: Debian Linux · +1 more

Show all products

Freerdp: Freerdp · Canonical: Ubuntu Linux · Debian: Debian Linux · Opensuse: Leap

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Freerdp Freerdp	Before 2.1.1

Configuration B

7 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 16.04
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 19.10
Canonical Ubuntu Linux	Version 20.04
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0
Opensuse Leap	Version 15.1

Related CWEs

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (16)

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html

Source: cve@mitre.org

Third Party Advisory

https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69

Source: cve@mitre.org

Third Party Advisory

https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1

Source: cve@mitre.org

Release NotesThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4379-1/

Source: cve@mitre.org

Third Party Advisory

https://usn.ubuntu.com/4382-1/

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://usn.ubuntu.com/4379-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://usn.ubuntu.com/4382-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.