In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html | Mailing List Third Party Advisory |
http://www.freerdp.com/2020/06/22/2_1_2-released | Release Notes Vendor Advisory |
https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27 | Patch Third Party Advisory |
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/ | |
https://usn.ubuntu.com/4481-1/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
07 Nov 2023, 03:23
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
20 Oct 2023, 19:27
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
First Time |
Debian debian Linux
Debian |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory |
07 Oct 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-125 | |
References |
|
07 Oct 2021, 17:22
Type | Values Removed | Values Added |
---|---|---|
References | (UBUNTU) https://usn.ubuntu.com/4481-1/ - Third Party Advisory | |
CWE | CWE-190 | |
CPE | cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* |
Information
Published : 2020-06-22 22:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-4030
Mitre link : CVE-2020-4030
CVE.ORG link : CVE-2020-4030
JSON object : View
Products Affected
opensuse
- leap
canonical
- ubuntu_linux
fedoraproject
- fedora
debian
- debian_linux
freerdp
- freerdp