CVE-2020-11099 LOW

CVE-2020-11099: OOB Read in license_read_new_or_upgrade_license_packet in FreeRDP

Vendor Freerdp
Product FreeRDP
Weakness CWE-125
Published June 22, 2020
Last update August 4, 2024

CVSS base score

3.5/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2.

Key dates

02Disclosure timeline

June 22, 2020 CVE published
August 4, 2024 Record updated