CVE-2020-15103

LOW

FreeRDP <=2.1.2 - Buffer Overflow

Title source: llm

Description

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto

References (8)

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/

[Mailing List, Third Party Advisory] http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.html

[Third Party Advisory] https://usn.ubuntu.com/4481-1/

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html

[Release Notes, Third Party Advisory] https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4

View Writeup ZIP pw:eip

[Patch, Third Party Advisory] https://github.com/FreeRDP/FreeRDP/pull/6382

[Third Party Advisory] https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9

Scores

CVSS v3 3.5

EPSS 0.0026

EPSS Percentile 49.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Details

CWE

CWE-190 CWE-680

Status published

Products (7)

canonical/ubuntu_linux 18.04

canonical/ubuntu_linux 20.04

debian/debian_linux 10.0

fedoraproject/fedora 31

fedoraproject/fedora 32

freerdp/freerdp < 2.1.2

opensuse/leap 15.1

Published Jul 27, 2020

Tracked Since Feb 18, 2026