CVE-2020-4030

Опубликовано: 22 июн. 2020

Источник: nvd

CVSS3: 3.5

CVSS3: 6.5

CVSS2: 6.4

EPSS Низкий

Описание

In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
Mailing List
Third Party Advisory
http://www.freerdp.com/2020/06/22/2_1_2-released
Release Notes
Vendor Advisory
https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27
Patch
Third Party Advisory
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/
https://usn.ubuntu.com/4481-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
Mailing List
Third Party Advisory
http://www.freerdp.com/2020/06/22/2_1_2-released
Release Notes
Vendor Advisory
https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27
Patch
Third Party Advisory
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/
https://usn.ubuntu.com/4481-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

Версия до 2.1.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

Конфигурация 5

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 8%

0.00035

Низкий

3.5 Low

CVSS3

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-125

CWE-190

Связанные уязвимости

CVE-2020-4030

CVSS3: 3.5

ubuntu

около 5 лет назад

In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.

CVE-2020-4030

CVSS3: 6.5

redhat

около 5 лет назад

In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.

CVE-2020-4030

CVSS3: 3.5

debian

около 5 лет назад

In FreeRDP before version 2.1.2, there is an out of bounds read in Tri ...

BDU:2021-01350

CVSS3: 6.5

fstec

около 5 лет назад

Уязвимость компонента TrioParse реализации протокола удалённого рабочего стола FreeRDP, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании

RLSA-2021:1849

rocky

около 4 лет назад

Moderate: freerdp security, bug fix, and enhancement update

EPSS

Процентиль: 8%

0.00035

Низкий

3.5 Low

CVSS3

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-125

CWE-190