
Multiple vulnerabilities in FreeRDP



Published: 2020-06-02
Severity: High
Patch available: YES
Number of vulnerabilities: 13
CVE ID: CVE-2020-11087, CVE-2020-11088, CVE-2020-11089, CVE-2020-11086, CVE-2020-11085, CVE-2020-11043, CVE-2020-11041, CVE-2020-11040, CVE-2020-11039, CVE-2020-11038, CVE-2020-11019, CVE-2020-11018, CVE-2020-11017
CWE ID: CWE-125, CWE-129, CWE-190, CWE-415
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: FreeRDP (Universal components / Libraries / Libraries used by multiple products)
Vendor: FreeRDP

Security Advisory

1) Out-of-bounds read

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11087

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the "ntlm_read_AuthenticateMessage" function. A remote authenticated attacker can trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeRDP: 1.0, 1.0-beta1, 1.0-beta2, 1.0-beta3, 1.0-beta4, 1.0-beta5, 1.0.0, 1.0.1, 1.0.2, 1.0.2-rc1, 1.0.2-rc2, 1.1.0, 1.1.0+android2, 1.1.0+android3, 1.1.0+android4, 1.1.0+android5, 1.1.0+ios1, 1.1.0+ios2, 1.1.0+ios3, 1.1.0+ios4, 1.1.0-beta+2013071101, 1.1.0-beta1, 1.1.0-beta1+android2, 1.1.0-beta1+android3, 1.1.0-beta1+android4, 1.1.0-beta1+android5, 1.1.0-beta1+ios1, 1.1.0-beta1+ios2, 1.1.0-beta1+ios3, 1.1.0-beta1+ios4, 1.2.0, 1.2.0+android7, 1.2.0+android9, 1.2.0-beta1+android7, 1.2.0-beta1+android9, 2.0.0, 2.0.0+android10, 2.0.0+android11, 2.0.0-beta1+android10, 2.0.0-beta1+android11, 2.0.0-rc0, 2.0.0-rc1, 2.0.0-rc2, 2.0.0-rc3, 2.0.0-rc4

External links

https://github.com/FreeRDP/FreeRDP/commit/8241ab42fdf0cc89cf69fc574bf6360c9977a0d4
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Out-of-bounds read

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11088

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the "ntlm_read_NegotiateMessage" function. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeRDP: 1.0, 1.0-beta1, 1.0-beta2, 1.0-beta3, 1.0-beta4, 1.0-beta5, 1.0.0, 1.0.1, 1.0.2, 1.0.2-rc1, 1.0.2-rc2, 1.1.0, 1.1.0+android2, 1.1.0+android3, 1.1.0+android4, 1.1.0+android5, 1.1.0+ios1, 1.1.0+ios2, 1.1.0+ios3, 1.1.0+ios4, 1.1.0-beta+2013071101, 1.1.0-beta1, 1.1.0-beta1+android2, 1.1.0-beta1+android3, 1.1.0-beta1+android4, 1.1.0-beta1+android5, 1.1.0-beta1+ios1, 1.1.0-beta1+ios2, 1.1.0-beta1+ios3, 1.1.0-beta1+ios4, 1.2.0, 1.2.0+android7, 1.2.0+android9, 1.2.0-beta1+android7, 1.2.0-beta1+android9, 2.0.0, 2.0.0+android10, 2.0.0+android11, 2.0.0-beta1+android10, 2.0.0-beta1+android11, 2.0.0-rc0, 2.0.0-rc1, 2.0.0-rc2, 2.0.0-rc3, 2.0.0-rc4

External links

https://github.com/FreeRDP/FreeRDP/commit/8fa38359634a9910b91719818ab02f23c320dbae
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Out-of-bounds read

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-11089

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the "parallel_process_irp_create", "serial_process_irp_create", "drive_process_irp_write", "printer_process_irp_write", "rdpei_recv_pdu" and "serial_process_irp_write" functions. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeRDP: 1.0, 1.0-beta1, 1.0-beta2, 1.0-beta3, 1.0-beta4, 1.0-beta5, 1.0.0, 1.0.1, 1.0.2, 1.0.2-rc1, 1.0.2-rc2, 1.1.0, 1.1.0+android2, 1.1.0+android3, 1.1.0+android4, 1.1.0+android5, 1.1.0+ios1, 1.1.0+ios2, 1.1.0+ios3, 1.1.0+ios4, 1.1.0-beta+2013071101, 1.1.0-beta1, 1.1.0-beta1+android2, 1.1.0-beta1+android3, 1.1.0-beta1+android4, 1.1.0-beta1+android5, 1.1.0-beta1+ios1, 1.1.0-beta1+ios2, 1.1.0-beta1+ios3, 1.1.0-beta1+ios4, 1.2.0, 1.2.0+android7, 1.2.0+android9, 1.2.0-beta1+android7, 1.2.0-beta1+android9, 2.0.0, 2.0.0+android10, 2.0.0+android11, 2.0.0-beta1+android10, 2.0.0-beta1+android11, 2.0.0-rc0, 2.0.0-rc1, 2.0.0-rc2, 2.0.0-rc3, 2.0.0-rc4

External links

https://github.com/FreeRDP/FreeRDP/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16
https://github.com/FreeRDP/FreeRDP/commit/795842f4096501fcefc1a7f535ccc8132feb31d7
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

Severity: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11086

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the "ntlm_read_ntlm_v2_client_challenge" function. A remote authenticated attacker can trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeRDP: 1.0, 1.0-beta1, 1.0-beta2, 1.0-beta3, 1.0-beta4, 1.0-beta5, 1.0.0, 1.0.1, 1.0.2, 1.0.2-rc1, 1.0.2-rc2, 1.1.0, 1.1.0+android2, 1.1.0+android3, 1.1.0+android4, 1.1.0+android5, 1.1.0+ios1, 1.1.0+ios2, 1.1.0+ios3, 1.1.0+ios4, 1.1.0-beta+2013071101, 1.1.0-beta1, 1.1.0-beta1+android2, 1.1.0-beta1+android3, 1.1.0-beta1+android4, 1.1.0-beta1+android5, 1.1.0-beta1+ios1, 1.1.0-beta1+ios2, 1.1.0-beta1+ios3, 1.1.0-beta1+ios4, 1.2.0, 1.2.0+android7, 1.2.0+android9, 1.2.0-beta1+android7, 1.2.0-beta1+android9, 2.0.0, 2.0.0+android10, 2.0.0+android11, 2.0.0-beta1+android10, 2.0.0-beta1+android11, 2.0.0-rc0, 2.0.0-rc1, 2.0.0-rc2, 2.0.0-rc3, 2.0.0-rc4

External links

https://github.com/FreeRDP/FreeRDP/commit/c098f21fdaadca57ff649eee1674f6cc321a2ec4
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Out-of-bounds read

Severity: Medium

CVSSv3: 4.7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-11085

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the "cliprdr_read_format_list" function. A remote authenticated attacker can trigger out-of-bounds read error and read contents of memory on the system or cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeRDP: 1.0, 1.1.0+android2, 1.1.0+android3, 1.1.0+android4, 1.1.0-beta1+android2, 1.1.0-beta1+android3, 1.1.0-beta1+android4, 1.1.0-beta1+android5, 1.1.0-beta1+ios1, 1.1.0-beta1+ios2, 1.1.0-beta1+ios3, 1.1.0-beta1+ios4, 1.2.0, 1.2.0-beta1+android7, 1.2.0-beta1+android9, 2.0.0-beta1+android10, 2.0.0-beta1+android11

External links

https://github.com/FreeRDP/FreeRDP/commit/b73143cf7ee5fe4cdabcbf56908aa15d8a883821
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

Severity: Medium

CVSSv3: 4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-11043

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a boundary condition in the "rfx_process_message_tileset" function. A remote attacker can trigger out-of-bounds read error, which results in garbage on screen (as colors).

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeRDP: 1.0, 1.0-beta1, 1.0-beta2, 1.0-beta3, 1.0-beta4, 1.0-beta5, 1.0.0, 1.0.1, 1.0.2, 1.0.2-rc1, 1.0.2-rc2, 1.1.0, 1.1.0+android2, 1.1.0+android3, 1.1.0+android4, 1.1.0+android5, 1.1.0+ios1, 1.1.0+ios2, 1.1.0+ios3, 1.1.0+ios4, 1.1.0-beta+2013071101, 1.1.0-beta1, 1.1.0-beta1+android2, 1.1.0-beta1+android3, 1.1.0-beta1+android4, 1.1.0-beta1+android5, 1.1.0-beta1+ios1, 1.1.0-beta1+ios2, 1.1.0-beta1+ios3, 1.1.0-beta1+ios4, 1.2.0, 1.2.0+android7, 1.2.0+android9, 1.2.0-beta1+android7, 1.2.0-beta1+android9, 2.0.0, 2.0.0+android10, 2.0.0+android11, 2.0.0-beta1+android10, 2.0.0-beta1+android11, 2.0.0-rc0, 2.0.0-rc1, 2.0.0-rc2, 2.0.0-rc3, 2.0.0-rc4

External links

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper Validation of Array Index

Severity: Low

CVSSv3: 2 [CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-11041

CWE-ID: CWE-129 - Improper Validation of Array Index

Exploit availability: No

Description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to an unchecked read of an array offset in "rdpsnd_recv_wave2_pdu". A remote administrator can crash the client instance, which is followed by no or distorted sound or a session disconnect.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeRDP: 1.0, 1.0-beta1, 1.0-beta2, 1.0-beta3, 1.0-beta4, 1.0-beta5, 1.0.0, 1.0.1, 1.0.2, 1.0.2-rc1, 1.0.2-rc2, 1.1.0, 1.1.0+android2, 1.1.0+android3, 1.1.0+android4, 1.1.0+android5, 1.1.0+ios1, 1.1.0+ios2, 1.1.0+ios3, 1.1.0+ios4, 1.1.0-beta+2013071101, 1.1.0-beta1, 1.1.0-beta1+android2, 1.1.0-beta1+android3, 1.1.0-beta1+android4, 1.1.0-beta1+android5, 1.1.0-beta1+ios1, 1.1.0-beta1+ios2, 1.1.0-beta1+ios3, 1.1.0-beta1+ios4, 1.2.0, 1.2.0+android7, 1.2.0+android9, 1.2.0-beta1+android7, 1.2.0-beta1+android9, 2.0.0, 2.0.0+android10, 2.0.0+android11, 2.0.0-beta1+android10, 2.0.0-beta1+android11, 2.0.0-rc0, 2.0.0-rc1, 2.0.0-rc2, 2.0.0-rc3, 2.0.0-rc4

External links

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Out-of-bounds read

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-11040

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in the "clear_decompress_subcode_rlex" function; the result is visualized on screen as color. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeRDP: 1.0, 1.0-beta1, 1.0-beta2, 1.0-beta3, 1.0-beta4, 1.0-beta5, 1.0.0, 1.0.1, 1.0.2, 1.0.2-rc1, 1.0.2-rc2, 1.1.0, 1.1.0+android2, 1.1.0+android3, 1.1.0+android4, 1.1.0+android5, 1.1.0+ios1, 1.1.0+ios2, 1.1.0+ios3, 1.1.0+ios4, 1.1.0-beta+2013071101, 1.1.0-beta1, 1.1.0-beta1+android2, 1.1.0-beta1+android3, 1.1.0-beta1+android4, 1.1.0-beta1+android5, 1.1.0-beta1+ios1, 1.1.0-beta1+ios2, 1.1.0-beta1+ios3, 1.1.0-beta1+ios4, 1.2.0, 1.2.0+android7, 1.2.0+android9, 1.2.0-beta1+android7, 1.2.0-beta1+android9, 2.0.0, 2.0.0+android10, 2.0.0+android11, 2.0.0-beta1+android10, 2.0.0-beta1+android11, 2.0.0-rc0, 2.0.0-rc1, 2.0.0-rc2, 2.0.0-rc3, 2.0.0-rc4

External links

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Integer overflow

Severity: High

CVSSv3: 7 [CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-11039

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in USB redirection channel. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeRDP: 1.0, 1.0-beta1, 1.0-beta2, 1.0-beta3, 1.0-beta4, 1.0-beta5, 1.0.0, 1.0.1, 1.0.2, 1.0.2-rc1, 1.0.2-rc2, 1.1.0, 1.1.0+android2, 1.1.0+android3, 1.1.0+android4, 1.1.0+android5, 1.1.0+ios1, 1.1.0+ios2, 1.1.0+ios3, 1.1.0+ios4, 1.1.0-beta+2013071101, 1.1.0-beta1, 1.1.0-beta1+android2, 1.1.0-beta1+android3, 1.1.0-beta1+android4, 1.1.0-beta1+android5, 1.1.0-beta1+ios1, 1.1.0-beta1+ios2, 1.1.0-beta1+ios3, 1.1.0-beta1+ios4, 1.2.0, 1.2.0+android7, 1.2.0+android9, 1.2.0-beta1+android7, 1.2.0-beta1+android9, 2.0.0, 2.0.0+android10, 2.0.0+android11, 2.0.0-beta1+android10, 2.0.0-beta1+android11, 2.0.0-rc0, 2.0.0-rc1, 2.0.0-rc2, 2.0.0-rc3, 2.0.0-rc4

External links

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Integer overflow

Severity: High

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-11038

CWE-ID: CWE-190 - Integer Overflow or Wraparound

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in VIDEO channel. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeRDP: 1.0, 1.0-beta1, 1.0-beta2, 1.0-beta3, 1.0-beta4, 1.0-beta5, 1.0.0, 1.0.1, 1.0.2, 1.0.2-rc1, 1.0.2-rc2, 1.1.0, 1.1.0+android2, 1.1.0+android3, 1.1.0+android4, 1.1.0+android5, 1.1.0+ios1, 1.1.0+ios2, 1.1.0+ios3, 1.1.0+ios4, 1.1.0-beta+2013071101, 1.1.0-beta1, 1.1.0-beta1+android2, 1.1.0-beta1+android3, 1.1.0-beta1+android4, 1.1.0-beta1+android5, 1.1.0-beta1+ios1, 1.1.0-beta1+ios2, 1.1.0-beta1+ios3, 1.1.0-beta1+ios4, 1.2.0, 1.2.0+android7, 1.2.0+android9, 1.2.0-beta1+android7, 1.2.0-beta1+android9, 2.0.0, 2.0.0+android10, 2.0.0+android11, 2.0.0-beta1+android10, 2.0.0-beta1+android11, 2.0.0-rc0, 2.0.0-rc1, 2.0.0-rc2, 2.0.0-rc3, 2.0.0-rc4

External links

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Out-of-bounds read

Severity: High

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-11019

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in "update_recv" function, when running with logger set to "WLOG_TRACE". A remote authenticated attacker can trigger out-of-bounds read error and read contents of memory on the system or cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeRDP: 1.0, 1.0-beta1, 1.0-beta2, 1.0-beta3, 1.0-beta4, 1.0-beta5, 1.0.0, 1.0.1, 1.0.2, 1.0.2-rc1, 1.0.2-rc2, 1.1.0, 1.1.0+android2, 1.1.0+android3, 1.1.0+android4, 1.1.0+android5, 1.1.0+ios1, 1.1.0+ios2, 1.1.0+ios3, 1.1.0+ios4, 1.1.0-beta+2013071101, 1.1.0-beta1, 1.1.0-beta1+android2, 1.1.0-beta1+android3, 1.1.0-beta1+android4, 1.1.0-beta1+android5, 1.1.0-beta1+ios1, 1.1.0-beta1+ios2, 1.1.0-beta1+ios3, 1.1.0-beta1+ios4, 1.2.0, 1.2.0+android7, 1.2.0+android9, 1.2.0-beta1+android7, 1.2.0-beta1+android9, 2.0.0, 2.0.0+android10, 2.0.0+android11, 2.0.0-beta1+android10, 2.0.0-beta1+android11, 2.0.0-rc0, 2.0.0-rc1, 2.0.0-rc2, 2.0.0-rc3, 2.0.0-rc4

External links

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

Severity: Medium

CVSSv3: 7.1 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-11018

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the "cliprdr_server_receive_capabilities" function. A remote authenticated attacker can send a specially crafted request, trigger out-of-bounds read error and read contents of memory on the system or cause a denial of service condition.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeRDP: 1.0, 1.0-beta1, 1.0-beta2, 1.0-beta3, 1.0-beta4, 1.0-beta5, 1.0.0, 1.0.1, 1.0.2, 1.0.2-rc1, 1.0.2-rc2, 1.1.0, 1.1.0+android2, 1.1.0+android3, 1.1.0+android4, 1.1.0+android5, 1.1.0+ios1, 1.1.0+ios2, 1.1.0+ios3, 1.1.0+ios4, 1.1.0-beta+2013071101, 1.1.0-beta1, 1.1.0-beta1+android2, 1.1.0-beta1+android3, 1.1.0-beta1+android4, 1.1.0-beta1+android5, 1.1.0-beta1+ios1, 1.1.0-beta1+ios2, 1.1.0-beta1+ios3, 1.1.0-beta1+ios4, 1.2.0, 1.2.0+android7, 1.2.0+android9, 1.2.0-beta1+android7, 1.2.0-beta1+android9, 2.0.0, 2.0.0+android10, 2.0.0+android11, 2.0.0-beta1+android10, 2.0.0-beta1+android11, 2.0.0-rc0, 2.0.0-rc1, 2.0.0-rc2, 2.0.0-rc3, 2.0.0-rc4

External links

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Double Free

Severity: Medium

CVSSv3: 6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2020-11017

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in "cliprdr_server_receive_capabilities" function. A remote attacker can pass specially crafted data to the application, trigger double free error and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

FreeRDP: 1.0, 1.0-beta1, 1.0-beta2, 1.0-beta3, 1.0-beta4, 1.0-beta5, 1.0.0, 1.0.1, 1.0.2, 1.0.2-rc1, 1.0.2-rc2, 1.1.0, 1.1.0+android2, 1.1.0+android3, 1.1.0+android4, 1.1.0+android5, 1.1.0+ios1, 1.1.0+ios2, 1.1.0+ios3, 1.1.0+ios4, 1.1.0-beta+2013071101, 1.1.0-beta1, 1.1.0-beta1+android2, 1.1.0-beta1+android3, 1.1.0-beta1+android4, 1.1.0-beta1+android5, 1.1.0-beta1+ios1, 1.1.0-beta1+ios2, 1.1.0-beta1+ios3, 1.1.0-beta1+ios4, 1.2.0+android7, 1.2.0+android9, 1.2.0-beta1+android7, 1.2.0-beta1+android9, 2.0.0, 2.0.0+android10, 2.0.0+android11, 2.0.0-beta1+android10, 2.0.0-beta1+android11, 2.0.0-rc0, 2.0.0-rc1, 2.0.0-rc2, 2.0.0-rc3, 2.0.0-rc4

External links

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
https://exchange.xforce.ibmcloud.com/vulnerabilities/182686

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.