CVE-2020-4032

Published: Jun 22, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.

Affected (7)

Products: Freerdp: Freerdp · Fedoraproject: Fedora · Opensuse: Leap · +2 more

Show all products

Freerdp: Freerdp · Fedoraproject: Fedora · Opensuse: Leap · Canonical: Ubuntu Linux · Debian: Debian Linux

1 product

1 product

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Freerdp Freerdp	Before 2.1.2

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 31
Fedoraproject Fedora	Version 32
Opensuse Leap	Version 15.1

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 18.04
Canonical Ubuntu Linux	Version 20.04

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

References (16)

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html

Source: security-advisories@github.com

Third Party Advisory

http://www.freerdp.com/2020/06/22/2_1_2-released

Source: security-advisories@github.com

Release NotesVendor Advisory

https://github.com/FreeRDP/FreeRDP/commit/e7bffa64ef5ed70bac94f823e2b95262642f5296

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc

Source: security-advisories@github.com

MitigationThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html

Source: security-advisories@github.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/

Source: security-advisories@github.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/

Source: security-advisories@github.com

https://usn.ubuntu.com/4481-1/

Source: security-advisories@github.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.freerdp.com/2020/06/22/2_1_2-released

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://github.com/FreeRDP/FreeRDP/commit/e7bffa64ef5ed70bac94f823e2b95262642f5296

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationThird Party Advisory

https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/4481-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.