CVE

CVE-2020-4030
Date: (C)2020-06-23   (M)2023-12-22


In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.

CVSS Score and Metrics

CVSS V3 Severity:
CVSS Score: 6.5
Exploit Score: 3.9
Impact Score: 2.5

CVSS V3 Metrics:
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: NONE
Availability: LOW

CVSS V2 Severity:
CVSS Score: 6.4
Exploit Score: 10.0
Impact Score: 4.9

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: PARTIAL
  
Reference:
FEDORA-2020-8d5f86e29a
FEDORA-2020-a3432485db
USN-4481-1
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
http://www.freerdp.com/2020/06/22/2_1_2-released
https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
openSUSE-SU-2020:1090

CPE    1
cpe:/a:freerdp:freerdp
CWE    1
CWE-125
OVAL    9
oval:org.secpod.oval:def:506083
oval:org.secpod.oval:def:67091
oval:org.secpod.oval:def:118538
oval:org.secpod.oval:def:118552
...

© SecPod Technologies