Vulnerability-Lookup

WID-SEC-W-2026-0897

Vulnerability from csaf_certbund - Published: 2020-05-28 22:00 - Updated: 2026-05-31 22:00

Summary

Red Hat Enterprise Linux: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Red Hat Enterprise Linux (RHEL) ist eine populäre Linux-Distribution.

Angriff: Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux

CVE-2020-11521

Affected products

Known affected 4 products

Product	Identifier	Version
Red Hat Enterprise Linux 7 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:7`	7
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8

CVE-2020-11523

Affected products

Known affected 4 products

Product	Identifier	Version
Red Hat Enterprise Linux 7 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:7`	7
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8

CVE-2020-11524

Affected products

Known affected 4 products

Product	Identifier	Version
Red Hat Enterprise Linux 7 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:7`	7
Open Source CentOS Open Source	`cpe:/o:centos:centos:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Red Hat Enterprise Linux 8 Red Hat / Enterprise Linux	`cpe:/o:redhat:enterprise_linux:8`	8

References

10 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://access.redhat.com/errata/RHSA-2020:2334	external
https://access.redhat.com/errata/RHSA-2020:2335	external
https://access.redhat.com/errata/RHSA-2020:2336	external
http://centos-announce.2309468.n4.nabble.com/Cent…	external
https://access.redhat.com/errata/RHSA-2020:2354	external
https://oss.oracle.com/pipermail/el-errata/2020-J…	external
https://linux.oracle.com/errata/ELSA-2026-4471.html	external
http://linux.oracle.com/errata/ELSA-2026-7292.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Red Hat Enterprise Linux (RHEL) ist eine popul\u00e4re Linux-Distribution.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Red Hat Enterprise Linux ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0897 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2020/wid-sec-w-2026-0897.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0897 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0897"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:2334 vom 2020-05-28",
        "url": "https://access.redhat.com/errata/RHSA-2020:2334"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:2335 vom 2020-05-28",
        "url": "https://access.redhat.com/errata/RHSA-2020:2335"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:2336 vom 2020-05-28",
        "url": "https://access.redhat.com/errata/RHSA-2020:2336"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2020:2334 vom 2020-06-01",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2020-2334-Important-CentOS-7-freerdp-Security-Update-tp4645944.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2020:2354 vom 2020-06-02",
        "url": "https://access.redhat.com/errata/RHSA-2020:2354"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2020-2334 vom 2020-06-05",
        "url": "https://oss.oracle.com/pipermail/el-errata/2020-June/009996.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-4471 vom 2026-03-27",
        "url": "https://linux.oracle.com/errata/ELSA-2026-4471.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-7292 vom 2026-05-29",
        "url": "http://linux.oracle.com/errata/ELSA-2026-7292.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Red Hat Enterprise Linux: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
    "tracking": {
      "current_release_date": "2026-05-31T22:00:00.000+00:00",
      "generator": {
        "date": "2026-06-01T06:37:27.983+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.6.0"
        }
      },
      "id": "WID-SEC-W-2026-0897",
      "initial_release_date": "2020-05-28T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2020-05-28T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2020-06-01T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2020-06-02T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2020-06-04T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2026-03-29T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2026-05-31T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "6"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7",
                "product": {
                  "name": "Red Hat Enterprise Linux 7",
                  "product_id": "T007578",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Red Hat Enterprise Linux 8",
                  "product_id": "T014111",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:8"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-11521",
      "product_status": {
        "known_affected": [
          "T007578",
          "1727",
          "T004914",
          "T014111"
        ]
      },
      "release_date": "2020-05-28T22:00:00.000+00:00",
      "title": "CVE-2020-11521"
    },
    {
      "cve": "CVE-2020-11523",
      "product_status": {
        "known_affected": [
          "T007578",
          "1727",
          "T004914",
          "T014111"
        ]
      },
      "release_date": "2020-05-28T22:00:00.000+00:00",
      "title": "CVE-2020-11523"
    },
    {
      "cve": "CVE-2020-11524",
      "product_status": {
        "known_affected": [
          "T007578",
          "1727",
          "T004914",
          "T014111"
        ]
      },
      "release_date": "2020-05-28T22:00:00.000+00:00",
      "title": "CVE-2020-11524"
    }
  ]
}

CVE-2020-11521 (GCVE-0-2020-11521)

Vulnerability from cvelistv5 – Published: 2020-05-15 16:07 – Updated: 2024-08-04 11:35

Summary

libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
https://github.com/FreeRDP/FreeRDP/commits/master	x_refsource_MISC
https://github.com/FreeRDP/FreeRDP/security/advis…	x_refsource_CONFIRM
https://pub.freerdp.com/cve/CVE-2020-11521/pocAna…	x_refsource_CONFIRM
https://usn.ubuntu.com/4379-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/4382-1/	vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:35:13.172Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FreeRDP/FreeRDP/commits/master"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf"
          },
          {
            "name": "USN-4379-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4379-1/"
          },
          {
            "name": "USN-4382-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4382-1/"
          },
          {
            "name": "openSUSE-SU-2020:1090",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
          },
          {
            "name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libfreerdp/codec/planar.c in FreeRDP version \u003e 1.0 through 2.0.0-rc4 has an Out-of-bounds Write."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-30T01:06:07.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/commits/master"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf"
        },
        {
          "name": "USN-4379-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4379-1/"
        },
        {
          "name": "USN-4382-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4382-1/"
        },
        {
          "name": "openSUSE-SU-2020:1090",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
        },
        {
          "name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11521",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libfreerdp/codec/planar.c in FreeRDP version \u003e 1.0 through 2.0.0-rc4 has an Out-of-bounds Write."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FreeRDP/FreeRDP/commits/master",
              "refsource": "MISC",
              "url": "https://github.com/FreeRDP/FreeRDP/commits/master"
            },
            {
              "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w",
              "refsource": "CONFIRM",
              "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w"
            },
            {
              "name": "https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf",
              "refsource": "CONFIRM",
              "url": "https://pub.freerdp.com/cve/CVE-2020-11521/pocAnalysis_6.pdf"
            },
            {
              "name": "USN-4379-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4379-1/"
            },
            {
              "name": "USN-4382-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4382-1/"
            },
            {
              "name": "openSUSE-SU-2020:1090",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
            },
            {
              "name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11521",
    "datePublished": "2020-05-15T16:07:52.000Z",
    "dateReserved": "2020-04-04T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:35:13.172Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-11523 (GCVE-0-2020-11523)

Vulnerability from cvelistv5 – Published: 2020-05-15 16:12 – Updated: 2024-08-04 11:35

Summary

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
https://github.com/FreeRDP/FreeRDP/commits/master	x_refsource_MISC
https://github.com/FreeRDP/FreeRDP/security/advis…	x_refsource_CONFIRM
https://pub.freerdp.com/cve/CVE-2020-11523/pocAna…	x_refsource_CONFIRM
https://usn.ubuntu.com/4379-1/	vendor-advisoryx_refsource_UBUNTU
https://usn.ubuntu.com/4382-1/	vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://lists.debian.org/debian-lts-announce/2020…	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:35:12.831Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FreeRDP/FreeRDP/commits/master"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pub.freerdp.com/cve/CVE-2020-11523/pocAnalysis_2.pdf"
          },
          {
            "name": "USN-4379-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4379-1/"
          },
          {
            "name": "USN-4382-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4382-1/"
          },
          {
            "name": "openSUSE-SU-2020:1090",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
          },
          {
            "name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libfreerdp/gdi/region.c in FreeRDP versions \u003e 1.0 through 2.0.0-rc4 has an Integer Overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-30T01:06:09.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/commits/master"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pub.freerdp.com/cve/CVE-2020-11523/pocAnalysis_2.pdf"
        },
        {
          "name": "USN-4379-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4379-1/"
        },
        {
          "name": "USN-4382-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4382-1/"
        },
        {
          "name": "openSUSE-SU-2020:1090",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
        },
        {
          "name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11523",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libfreerdp/gdi/region.c in FreeRDP versions \u003e 1.0 through 2.0.0-rc4 has an Integer Overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FreeRDP/FreeRDP/commits/master",
              "refsource": "MISC",
              "url": "https://github.com/FreeRDP/FreeRDP/commits/master"
            },
            {
              "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42",
              "refsource": "CONFIRM",
              "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42"
            },
            {
              "name": "https://pub.freerdp.com/cve/CVE-2020-11523/pocAnalysis_2.pdf",
              "refsource": "CONFIRM",
              "url": "https://pub.freerdp.com/cve/CVE-2020-11523/pocAnalysis_2.pdf"
            },
            {
              "name": "USN-4379-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4379-1/"
            },
            {
              "name": "USN-4382-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4382-1/"
            },
            {
              "name": "openSUSE-SU-2020:1090",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
            },
            {
              "name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11523",
    "datePublished": "2020-05-15T16:12:56.000Z",
    "dateReserved": "2020-04-04T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:35:12.831Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-11524 (GCVE-0-2020-11524)

Vulnerability from cvelistv5 – Published: 2020-05-15 16:14 – Updated: 2024-08-04 11:35

Summary

libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

5 references

URL	Tags
https://github.com/FreeRDP/FreeRDP/commits/master	x_refsource_MISC
https://github.com/FreeRDP/FreeRDP/security/advis…	x_refsource_CONFIRM
https://pub.freerdp.com/cve/CVE-2020-11524/pocAna…	x_refsource_CONFIRM
https://usn.ubuntu.com/4379-1/	vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:35:13.081Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FreeRDP/FreeRDP/commits/master"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pub.freerdp.com/cve/CVE-2020-11524/pocAnalysis_3.pdf"
          },
          {
            "name": "USN-4379-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4379-1/"
          },
          {
            "name": "openSUSE-SU-2020:1090",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libfreerdp/codec/interleaved.c in FreeRDP versions \u003e 1.0 through 2.0.0-rc4 has an Out-of-bounds Write."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-26T23:06:26.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/commits/master"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pub.freerdp.com/cve/CVE-2020-11524/pocAnalysis_3.pdf"
        },
        {
          "name": "USN-4379-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4379-1/"
        },
        {
          "name": "openSUSE-SU-2020:1090",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11524",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libfreerdp/codec/interleaved.c in FreeRDP versions \u003e 1.0 through 2.0.0-rc4 has an Out-of-bounds Write."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FreeRDP/FreeRDP/commits/master",
              "refsource": "MISC",
              "url": "https://github.com/FreeRDP/FreeRDP/commits/master"
            },
            {
              "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw",
              "refsource": "CONFIRM",
              "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw"
            },
            {
              "name": "https://pub.freerdp.com/cve/CVE-2020-11524/pocAnalysis_3.pdf",
              "refsource": "CONFIRM",
              "url": "https://pub.freerdp.com/cve/CVE-2020-11524/pocAnalysis_3.pdf"
            },
            {
              "name": "USN-4379-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4379-1/"
            },
            {
              "name": "openSUSE-SU-2020:1090",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11524",
    "datePublished": "2020-05-15T16:14:32.000Z",
    "dateReserved": "2020-04-04T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:35:13.081Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0897

CVE-2020-11521 (GCVE-0-2020-11521)

CVE-2020-11523 (GCVE-0-2020-11523)

CVE-2020-11524 (GCVE-0-2020-11524)

Tags

Sightings

Nomenclature