Vulnerability CVE-2020-13397: Information
Description
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
freerdp | sisyphus | 2.1.1-alt1 | 2.11.7-alt1.1 | ALT-PU-2020-1985-1 | 252012 | Fixed |
freerdp | p10 | 2.1.1-alt1 | 2.11.6-alt1 | ALT-PU-2020-1985-1 | 252012 | Fixed |
freerdp | p9 | 2.1.1-alt1 | 2.9.0-alt1 | ALT-PU-2020-2000-1 | 252016 | Fixed |
freerdp | c10f1 | 2.1.1-alt1 | 2.11.6-alt1 | ALT-PU-2020-1985-1 | 252012 | Fixed |
freerdp | c9f2 | 2.1.1-alt1 | 2.11.6-alt1 | ALT-PU-2020-2000-1 | 252016 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8 |
|
https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1 |
|
https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69 |
|
USN-4379-1 |
|
USN-4382-1 |
|
openSUSE-SU-2020:1090 |
|
[debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update |
|
[debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update |
|