Vulnerability DatabaseCVE-2020-11038
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2020-11038
May 29, 2020
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.
Related ResourcesĀ (6)
https://security-tracker.debian.org/tracker/CVE-2020-11038
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
https://people.canonical.com/~ubuntu-security/cve/CVE-2020-11038
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
https://access.redhat.com/security/cve/CVE-2020-11038
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
HIGH
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
HIGH
Subsequent System Availability
LOW
CVSS v3
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
NONE
Integrity
HIGH
Availability
LOW
CVSS v2
Base Score:
5.5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Integer Overflow to Buffer Overflow
CWE-680
Integer Overflow or Wraparound
CWE-190
EPSS
Base Score:
0.18