Main Vulnerability Database SB2020062241

SB2020062241 - Incorrect Conversion between Numeric Types in freerdp (Alpine package)

Published: June 22, 2020

Security Bulletin ID SB2020062241

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Incorrect Conversion between Numeric Types (CVE-ID: CVE-2020-4032)

CWE-ID: CWE-681 - Incorrect Conversion between Numeric Types

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to gain access to sensitive information on the system.

The vulnerability exists due to an integer casting issue in "update_recv_secondary_order". A remote attacker can gain access to sensitive information on the target system.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=1bb47e3a21445c5f2faa983e5a2f9ac0d4861ca9
https://git.alpinelinux.org/aports/commit/?id=723c4c1dd116dd6a5bc4337744353b36da6dc4de