SB2020112621 - Ubuntu update for freerdp

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020112621

SB2020112621 - Ubuntu update for freerdp

Published: November 26, 2020 Updated: April 23, 2025

Security Bulletin ID SB2020112621
CSH Severity
High
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 38% Medium 46% Low 15%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2020-11045)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in "update_read_bitmap_data". A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.

Note: This vulnerability affects versions after 1.0


2) Out-of-bounds read (CVE-ID: CVE-2020-11526)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack

The vulnerability exists due to a boundary condition in "update_recv_secondary_order" function in the "libfreerdp/core/update.c" file. A remote attacker can trigger out-of-bounds read error and cause a denial of service condition on the target system.

Note: This vulnerability affects verions greater than 1.1


3) Out-of-bounds read (CVE-ID: CVE-2020-11522)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in "libfreerdp/gdi/gdi.c". A remote attacker can trigger out-of-bounds read error and read contents of memory on the system or cause a denial of service condition.

Note: This vulnerability afffects versions greater than 1.0


4) Out-of-bounds read (CVE-ID: CVE-2020-11058)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in "rdp_read_font_capability_set". A remote authenticated attacker can trigger out-of-bounds read error and cause a denial of service condition on the target system.

Note: This vulnerability affects versions after 1.1


5) Out-of-bounds write (CVE-ID: CVE-2020-13398)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the crypto_rsa_common() function in libfreerdp/crypto/crypto.c. A remote attacker can send specially crafted data to the application, trigger out-of-bounds write and execute arbitrary code on the target system.


6) Out-of-bounds read (CVE-ID: CVE-2020-13397)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.


7) Out-of-bounds read (CVE-ID: CVE-2020-11042)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in "update_read_icon_info". A remote attacker can trigger out-of-bounds read error and read contents of memory on the system or cause a denial of service condition.

Note: This vulnerability afffects versions greater than 1.1


8) Out-of-bounds read (CVE-ID: CVE-2020-13396)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. A remote attacker can trigger out-of-bounds read error via a specially crafted authentication message and read contents of memory on the system.


9) Out-of-bounds read (CVE-ID: CVE-2020-11046)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in "update_read_synchronize". A remote attacker can trigger out-of-bounds read error and cause a denial of service condition on the target system.

Note: This vulnerability affects versions after 1.0


10) Integer overflow (CVE-ID: CVE-2020-11523)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in "libfreerdp/gdi/region.c". A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: This vulnerability affects versions greater than 1.0


11) Out-of-bounds write (CVE-ID: CVE-2020-11521)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in "libfreerdp/codec/planar.c". A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.

Note: This vulnerability affects versions greater than 1.0


12) Out-of-bounds read (CVE-ID: CVE-2020-11048)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in "rdp_read_flow_control_pdu". A remote authenticated attacker can trigger out-of-bounds read error and cause a denial of service condition on the target system.

Note: This vulnerability affects versions after 1.0


13) Out-of-bounds read (CVE-ID: CVE-2020-11525)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in "libfreerdp/cache/bitmap.c". A remote attacker can trigger out-of-bounds read error and read contents of memory on the system.

Note: This vulnerability affects versions greater than 1.0


Remediation

Install update from vendor's website.

References