CWE-125
Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
CVE-2020-11047 (GCVE-0-2020-11047)
Vulnerability from cvelistv5 – Published: 2020-05-07 00:00 – Updated: 2024-08-04 11:21
VLAI
Title
Out-of-bounds Read in FreeRDP
Summary
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.
Severity
5.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/issues/6009"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65"
},
{
"name": "USN-4379-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4379-1/"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003e 1.1, \u003c 2.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-07T20:07:31.471Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/issues/6009"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65"
},
{
"name": "USN-4379-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4379-1/"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"source": {
"advisory": "GHSA-9fw6-m2q8-h5pw",
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read in FreeRDP"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11047",
"datePublished": "2020-05-07T00:00:00.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11048 (GCVE-0-2020-11048)
Vulnerability from cvelistv5 – Published: 2020-05-07 00:00 – Updated: 2024-08-04 11:21
VLAI
Title
Out-of-bounds Read in FreeRDPrdp_read_flow_control_pdu
Summary
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.
Severity
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
7 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.514Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/issues/6007"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b"
},
{
"name": "USN-4379-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4379-1/"
},
{
"name": "USN-4382-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4382-1/"
},
{
"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003e 1.0, \u003c 2.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.2,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-07T20:07:28.378Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/issues/6007"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b"
},
{
"name": "USN-4379-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4379-1/"
},
{
"name": "USN-4382-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4382-1/"
},
{
"name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"source": {
"advisory": "GHSA-hv8w-f2hx-5gcv",
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read in FreeRDPrdp_read_flow_control_pdu"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11048",
"datePublished": "2020-05-07T00:00:00.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11049 (GCVE-0-2020-11049)
Vulnerability from cvelistv5 – Published: 2020-05-07 00:00 – Updated: 2024-08-04 11:21
VLAI
Title
Out-of-bounds Read in FreeRDPrdp_read_share_control_header
Summary
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.
Severity
5.5 (Medium)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
7 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.582Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/issues/6008"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/pull/6019"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/c367f65d42e0d2e1ca248998175180aa9c2eacd0"
},
{
"name": "USN-4379-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4379-1/"
},
{
"name": "USN-4382-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4382-1/"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003e 1.1, \u003c 2.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-07T20:06:39.403Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/issues/6008"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/pull/6019"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/c367f65d42e0d2e1ca248998175180aa9c2eacd0"
},
{
"name": "USN-4379-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4379-1/"
},
{
"name": "USN-4382-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4382-1/"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"source": {
"advisory": "GHSA-wwh7-r2r8-xjpr",
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read in FreeRDPrdp_read_share_control_header"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11049",
"datePublished": "2020-05-07T00:00:00.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.582Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11085 (GCVE-0-2020-11085)
Vulnerability from cvelistv5 – Published: 2020-05-29 00:00 – Updated: 2024-08-04 11:21
VLAI
Title
Out-of-bounds Read in FreeRDP
Summary
In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0.
Severity
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
4 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/b73143cf7ee5fe4cdabcbf56908aa15d8a883821"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 2.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-07T20:07:29.953Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/b73143cf7ee5fe4cdabcbf56908aa15d8a883821"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"source": {
"advisory": "GHSA-2j4w-v45m-95hf",
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read in FreeRDP"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11085",
"datePublished": "2020-05-29T00:00:00.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11086 (GCVE-0-2020-11086)
Vulnerability from cvelistv5 – Published: 2020-05-29 00:00 – Updated: 2024-08-04 11:21
VLAI
Title
Out-of-bounds Read in FreeRDP `ntlm_read_ntlm_v2_response`
Summary
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0.
Severity
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
4 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/c098f21fdaadca57ff649eee1674f6cc321a2ec4"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-07T20:06:31.317Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/c098f21fdaadca57ff649eee1674f6cc321a2ec4"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"source": {
"advisory": "GHSA-fg8v-w34r-c974",
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read in FreeRDP `ntlm_read_ntlm_v2_response`"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11086",
"datePublished": "2020-05-29T00:00:00.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11087 (GCVE-0-2020-11087)
Vulnerability from cvelistv5 – Published: 2020-05-29 00:00 – Updated: 2024-08-04 11:21
VLAI
Title
Out-of-bounds Read in FreeRDP
Summary
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0.
Severity
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
4 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/8241ab42fdf0cc89cf69fc574bf6360c9977a0d4"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-07T20:07:41.939Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/8241ab42fdf0cc89cf69fc574bf6360c9977a0d4"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"source": {
"advisory": "GHSA-84vj-g73m-chw7",
"discovery": "UNKNOWN"
},
"title": "Out-of-bounds Read in FreeRDP"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11087",
"datePublished": "2020-05-29T00:00:00.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11088 (GCVE-0-2020-11088)
Vulnerability from cvelistv5 – Published: 2020-05-29 00:00 – Updated: 2024-08-04 11:21
VLAI
Title
Out-of-bound read in FreeRDP
Summary
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0.
Severity
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
4 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/8fa38359634a9910b91719818ab02f23c320dbae"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c= 2.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-07T20:06:32.887Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/8fa38359634a9910b91719818ab02f23c320dbae"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"source": {
"advisory": "GHSA-xh4f-fh87-43hp",
"discovery": "UNKNOWN"
},
"title": "Out-of-bound read in FreeRDP"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11088",
"datePublished": "2020-05-29T00:00:00.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11089 (GCVE-0-2020-11089)
Vulnerability from cvelistv5 – Published: 2020-05-29 00:00 – Updated: 2024-08-04 11:21
VLAI
Title
Out-of-bound read in FreeRDP
Summary
In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0.
Severity
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
5 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/795842f4096501fcefc1a7f535ccc8132feb31d7"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-07T20:07:11.493Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/795842f4096501fcefc1a7f535ccc8132feb31d7"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"source": {
"advisory": "GHSA-hfc7-c5gv-8c2h",
"discovery": "UNKNOWN"
},
"title": "Out-of-bound read in FreeRDP"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11089",
"datePublished": "2020-05-29T00:00:00.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11095 (GCVE-0-2020-11095)
Vulnerability from cvelistv5 – Published: 2020-06-22 00:00 – Updated: 2024-08-04 11:21
VLAI
Title
Global OOB read in update_recv_primary_order in FreeRDP
Summary
In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.
Severity
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
8 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.625Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.freerdp.com/2020/06/22/2_1_2-released"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/733ee3208306b1ea32697b356c0215180fc3f049"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "FEDORA-2020-8d5f86e29a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/"
},
{
"name": "FEDORA-2020-a3432485db",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/"
},
{
"name": "USN-4481-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4481-1/"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-07T20:07:35.073Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "http://www.freerdp.com/2020/06/22/2_1_2-released"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/733ee3208306b1ea32697b356c0215180fc3f049"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "FEDORA-2020-8d5f86e29a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/"
},
{
"name": "FEDORA-2020-a3432485db",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/"
},
{
"name": "USN-4481-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4481-1/"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"source": {
"advisory": "GHSA-563r-pvh7-4fw2",
"discovery": "UNKNOWN"
},
"title": "Global OOB read in update_recv_primary_order in FreeRDP"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11095",
"datePublished": "2020-06-22T00:00:00.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.625Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-11096 (GCVE-0-2020-11096)
Vulnerability from cvelistv5 – Published: 2020-06-22 00:00 – Updated: 2024-08-04 11:21
VLAI
Title
Global OOB read in update_read_cache_bitmap_v3_order in FreeRDP
Summary
In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2.
Severity
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
8 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.freerdp.com/2020/06/22/2_1_2-released"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FreeRDP/FreeRDP/commit/b8beb55913471952f92770c90c372139d78c16c0"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "FEDORA-2020-8d5f86e29a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/"
},
{
"name": "FEDORA-2020-a3432485db",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/"
},
{
"name": "USN-4481-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4481-1/"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FreeRDP",
"vendor": "FreeRDP",
"versions": [
{
"status": "affected",
"version": "\u003c 2.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-07T20:07:23.455Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "http://www.freerdp.com/2020/06/22/2_1_2-released"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x"
},
{
"url": "https://github.com/FreeRDP/FreeRDP/commit/b8beb55913471952f92770c90c372139d78c16c0"
},
{
"name": "openSUSE-SU-2020:1090",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
},
{
"name": "FEDORA-2020-8d5f86e29a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/"
},
{
"name": "FEDORA-2020-a3432485db",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/"
},
{
"name": "USN-4481-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4481-1/"
},
{
"name": "[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"
}
],
"source": {
"advisory": "GHSA-mjw7-3mq2-996x",
"discovery": "UNKNOWN"
},
"title": "Global OOB read in update_read_cache_bitmap_v3_order in FreeRDP"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-11096",
"datePublished": "2020-06-22T00:00:00.000Z",
"dateReserved": "2020-03-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-5
Phase: Implementation
Strategy: Input Validation
Description:
- Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
- When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
- Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.
- To reduce the likelihood of introducing an out-of-bounds read, ensure that you validate and ensure correct calculations for any length argument, buffer size calculation, or offset. Be especially careful of relying on a sentinel (i.e. special character such as NUL) in untrusted inputs.
Mitigation
Phase: Architecture and Design
Strategy: Language Selection
Description:
- Use a language that provides appropriate memory abstractions.
CAPEC-540: Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.