CVE-2020-13398

HIGH

FreeRDP < 2.1.1 - Out-of-bounds Write in crypto_rsa_common


Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-13398. PoCs published by SpiralBL0CK.

AI-analyzed exploit summary: This PoC exploits CVE-2020-13398 by crafting a fake RDP license packet with a malformed RSA modulus and exponent, causing a crash in FreeRDP clients. It simulates an RDP server to trigger the vulnerability during the licensing phase.

Description

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.

Exploits (1)

nomisec · WORKING POC · 1 star
by SpiralBL0CK · poc
https://github.com/SpiralBL0CK/PoC-crash-CVE-2020-13398-

Classification
Working PoC 90%
Attack Type
DoS
Complexity
Moderate
Reliability
Reliable
Target: FreeRDP (versions prior to 2.1.2)
No auth needed
Prerequisites: Network access to target · Target initiates RDP connection to attacker-controlled server
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.3
EPSS 0.0239
EPSS Percentile 81.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Details

CWE
CWE-787
Status published
Products (8)
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.10
canonical/ubuntu_linux 20.04
debian/debian_linux 9.0
debian/debian_linux 10.0
freerdp/freerdp < 2.1.1
opensuse/leap 15.1
Published May 22, 2020
Tracked Since Feb 18, 2026