CVE-2020-15103

Published: 27 Jul 2020
Source: ubuntu
Priority: medium
EPSS: Low
CVSS2: 3.5
CVSS3: 3.5

Description

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in the rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and are blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a memcpy). This has been fixed in 2.2.0. As a workaround, stop using the command line arguments /gfx, /gfx-h264 and /network:auto.

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | needs-triage | |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | |
| esm-infra/xenial | needs-triage | |
| focal | DNE | |
| groovy | DNE | |
| hirsute | DNE | |
| impish | DNE | |

| Release | Status | Note |
|---|---|---|
| bionic | released | 2.2.0+dfsg1-0ubuntu0.18.04.1 |
| devel | not-affected | 2.2.0+dfsg1-1 |
| esm-apps/noble | not-affected | 2.2.0+dfsg1-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 2.2.0+dfsg1-0ubuntu0.18.04.1 |
| esm-infra/focal | not-affected | 2.2.0+dfsg1-0ubuntu0.20.04.1 |
| focal | released | 2.2.0+dfsg1-0ubuntu0.20.04.1 |
| groovy | not-affected | 2.2.0+dfsg1-1 |
| hirsute | not-affected | 2.2.0+dfsg1-1 |
| impish | not-affected | 2.2.0+dfsg1-1 |

EPSS: 0.00197 (percentile: 42%), Low
CVSS2: 3.5 Low
CVSS3: 3.5 Low

Related vulnerabilities

CVSS3: 3.5
redhat
almost 5 years ago

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`). This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto

CVSS3: 3.5
nvd
almost 5 years ago

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`). This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto

CVSS3: 3.5
debian
almost 5 years ago

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due ...

suse-cvrf
almost 5 years ago

Security update for freerdp

suse-cvrf
almost 5 years ago

Security update for freerdp
