Описание
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | freerdp | Out of support scope | ||
| Red Hat Enterprise Linux 7 | freerdp | Fixed | RHSA-2020:4031 | 29.09.2020 |
| Red Hat Enterprise Linux 8 | freerdp | Fixed | RHSA-2020:4647 | 04.11.2020 |
| Red Hat Enterprise Linux 8 | vinagre | Fixed | RHSA-2020:4647 | 04.11.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read ...
Уязвимость функции autodetect_recv_bandwidth_measure_results) RDP-клиента FreeRDP, позволяющая нарушителю раскрыть защищаемую информацию или вызвать отказ в обслуживании
Moderate: freerdp and vinagre security, bug fix, and enhancement update
EPSS
5.9 Medium
CVSS3