
Debian 10: DLA-3606-1 Moderate: freerdp2 Buffer Overflows and DoS

debian lts
October 7, 2023
Numerous security patches for freerdp2 address multiple buffer overflows, integer overflow vulnerabilities, and denial-of-service risks. Upgrade strongly advised.
Multiple vulnerabilities have been found in freerdp2, a free implementation of the Remote Desktop Protocol (RDP).

Summary

CVE-2020-4030

In FreeRDP before version 2.1.2, there is an out of bounds read in
TrioParse. Logging might bypass string length checks due to an
integer overflow. This is fixed in version 2.1.2.

CVE-2020-4031

In FreeRDP before version 2.1.2, there is a use-after-free in
gdi_SelectObject. All FreeRDP clients using compatibility mode with
/relax-order-checks are affected. This is fixed in version 2.1.2.

CVE-2020-4032

In FreeRDP before version 2.1.2, there is an integer casting
vulnerability in update_recv_secondary_order. All clients with
+glyph-cache /relax-order-checks are affected. This is fixed in
version 2.1.2.

CVE-2020-4033

In FreeRDP before version 2.1.2, there is an out of bounds read in
RLEDECOMPRESS. All FreeRDP based clients with sessions with color
depth < 32 are affected. This is fixed in version 2.1.2.

CVE-2020-11017

In FreeRDP less than or equal to 2.0.0, by providing manipulated

Package: freerdp2
Version: 2.3.0+dfsg1-2+deb10u3
CVE ID: CVE-2020-4030 CVE-2020-4031 CVE-2020-4032 CVE-2020-4033
Debian Bug: 965979 1051638
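To check a Debian 10 host against the fixed version listed above, here is an added Python re-implementation of dpkg's version ordering (example code, not part of the advisory or of Debian's own tools); FIXED_VERSION is taken from the package table, and the epoch/revision handling follows the dpkg algorithm rather than a plain string comparison.

```python
import re
from itertools import zip_longest

# Fixed version from the advisory's package table.
FIXED_VERSION = "2.3.0+dfsg1-2+deb10u3"

def _order(c):
    # dpkg's weight for a character in a non-digit run: '~' sorts before anything,
    # even end of string (""); letters by code point; everything else after letters.
    if c == "":
        return 0
    if c.isalpha():
        return ord(c)
    return -1 if c == "~" else ord(c) + 256

def _cmp_text(x, y):
    # Character-by-character comparison of two non-digit runs, padding with "".
    for p, q in zip_longest(x, y, fillvalue=""):
        if _order(p) != _order(q):
            return _order(p) - _order(q)
    return 0

def _verrevcmp(a, b):
    # Split into alternating non-digit / digit runs (index 0 is always a possibly
    # empty non-digit run) and compare run by run, as dpkg's verrevcmp does.
    ta, tb = re.split(r"(\d+)", a), re.split(r"(\d+)", b)
    for k, (x, y) in enumerate(zip_longest(ta, tb, fillvalue="")):
        # odd index = digit run, compared numerically, so deb10u10 > deb10u3
        c = int(x or 0) - int(y or 0) if k % 2 else _cmp_text(x, y)
        if c:
            return c
    return 0

def _split(version):
    # [epoch:]upstream[-revision]: epoch before the first ':', revision after the last '-'.
    epoch, _, rest = version.partition(":") if ":" in version else ("0", "", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    # -1, 0 or 1, matching dpkg --compare-versions lt / eq / gt.
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    c = (ea - eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (c > 0) - (c < 0)

def is_patched(installed, fixed=FIXED_VERSION):
    # True when the installed freerdp2 version is at or beyond the fixed one.
    return compare_versions(installed, fixed) >= 0
```

On the host, feed the output of `dpkg-query -W -f='${Version}' freerdp2` to is_patched(); a backport revision such as 2~bpo10+1 correctly sorts below the fixed 2+deb10u3 because '~' orders before every other character.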
