CVE-2020-11038 MEDIUM

CVE-2020-11038: Integer Overflow to Buffer Overflow in FreeRDP

Vendor Freerdp
Product FreeRDP
Weakness CWE-680
Published May 29, 2020
Last update August 4, 2024

CVSS base score

6.9/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:L

What the vulnerability does

01Description

In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.

Key dates

02Disclosure timeline

May 29, 2020 CVE published
August 4, 2024 Record updated