CVE-2020-11019

MEDIUM

FreeRDP <= 2.0.0 - Out-of-bounds Read via WLOG_TRACE Logger

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-11019. PoCs published by Lixterclarixe.

AI-analyzed exploit summary This repository provides a writeup for CVE-2020-11019, a DoS vulnerability in FreeRDP <= 2.0.0 caused by an invalid array index read when logging is set to WLOG_TRACE. No exploit code is present.

Description

In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0.

Exploits (1)

nomisec WRITEUP

by Lixterclarixe · poc

https://github.com/Lixterclarixe/CVE-2020-11019

View Code ZIP pw:eip

This repository provides a writeup for CVE-2020-11019, a DoS vulnerability in FreeRDP <= 2.0.0 caused by an invalid array index read when logging is set to WLOG_TRACE. No exploit code is present.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Theoretical

Target: FreeRDP <= 2.0.0

No auth needed

Prerequisites: FreeRDP with logger set to WLOG_TRACE

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Mailing List, Third Party Advisory vendor-advisory

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html

Mailing List, Third Party Advisory mailing-list

https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html

Third Party Advisory

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh

Scores

CVSS v3 4.3

EPSS 0.0254

EPSS Percentile 82.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-125

Status published

Products (3)

debian/debian_linux 10.0

freerdp/freerdp < 2.1.0

opensuse/leap 15.1

Published May 29, 2020

Tracked Since Feb 18, 2026