Vulnerability CVE-2020-4030: Information
Description
In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.
Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| freerdp | sisyphus | 2.1.2-alt1 | 2.11.7-alt2 | ALT-PU-2020-2225-1 | 253859 | Fixed |
| freerdp | p10 | 2.1.2-alt1 | 2.11.7-alt2 | ALT-PU-2020-2225-1 | 253859 | Fixed |
| freerdp | p9 | 2.1.2-alt1 | 2.9.0-alt1 | ALT-PU-2020-2232-1 | 253866 | Fixed |
| freerdp | c10f1 | 2.1.2-alt1 | 2.11.6-alt1 | ALT-PU-2020-2225-1 | 253859 | Fixed |
| freerdp | c9f2 | 2.1.2-alt1 | 2.11.6-alt1 | ALT-PU-2020-2232-1 | 253866 | Fixed |
| freerdp | p11 | 2.1.2-alt1 | 2.11.7-alt2 | ALT-PU-2020-2225-1 | 253859 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| http://www.freerdp.com/2020/06/22/2_1_2-released |
|
| https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98 |
|
| https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27 |
|
| openSUSE-SU-2020:1090 |
|
| USN-4481-1 |
|
| [debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update |
|
| FEDORA-2020-8d5f86e29a | |
| FEDORA-2020-a3432485db |