exploitDog

CVE-2020-15103

Published: 27 Jul 2020
Source: nvd
CVSS3: 3.5
CVSS2: 3.5
EPSS: Low

Description

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a memcpy). This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto.

References

Vulnerable configurations

Configuration 1
cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
Versions up to and including 2.1.2
Configuration 2

One of

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Configuration 3
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Configuration 4

One of

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
Configuration 5
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Percentile: 42%
0.00197
Low

3.5 Low

CVSS3

3.5 Low

CVSS2

Weaknesses

CWE-680
CWE-190

Related vulnerabilities

CVSS3: 3.5
ubuntu
almost 5 years ago

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`). This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto.

CVSS3: 3.5
redhat
almost 5 years ago

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`). This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto.

CVSS3: 3.5
debian
almost 5 years ago

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due ...

suse-cvrf
almost 5 years ago

Security update for freerdp

suse-cvrf
almost 5 years ago

Security update for freerdp
