Product:

Freerdp

(Freerdp)
Date Id Summary Products Score Patch Annotated
2020-05-22 CVE-2020-13396 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. Ubuntu_linux, Debian_linux, Freerdp, Leap 7.1
2020-05-22 CVE-2020-13397 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. Ubuntu_linux, Debian_linux, Freerdp, Leap 5.5
2020-05-22 CVE-2020-13398 An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. Ubuntu_linux, Debian_linux, Freerdp, Leap 8.3
2020-06-22 CVE-2020-4030 In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2. Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap 6.5
2020-06-22 CVE-2020-4031 In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap 7.5
2020-06-22 CVE-2020-4032 In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2. Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap 4.3
2020-06-22 CVE-2020-4033 In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2. Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap 6.5
2020-07-27 CVE-2020-15103 In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto Ubuntu_linux, Debian_linux, Fedora, Freerdp, Leap 3.5
2021-07-30 CVE-2021-37594 In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_SIZE File Contents Request PDU. Freerdp 9.8
2021-07-30 CVE-2021-37595 In FreeRDP before 2.4.0 on Windows, wf_cliprdr_server_file_contents_request in client/Windows/wf_cliprdr.c has missing input checks for a FILECONTENTS_RANGE File Contents Request PDU. Freerdp 9.8