Description
In FreeRDP before version 2.1.2, there is an out-of-bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.
References (8)
Core References
Mailing List, Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/
Third Party Advisory vendor-advisory
https://usn.ubuntu.com/4481-1/
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
Release Notes, Vendor Advisory
http://www.freerdp.com/2020/06/22/2_1_2-released
Patch, Third Party Advisory
https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27
Third Party Advisory
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98
Scores
CVSS v3
3.5
EPSS
0.0004
EPSS Percentile
11.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N
Details
CWE
CWE-190
CWE-125
Status
published
Products (7)
canonical/ubuntu_linux
18.04
canonical/ubuntu_linux
20.04
debian/debian_linux
10.0
fedoraproject/fedora
31
fedoraproject/fedora
32
freerdp/freerdp
< 2.1.2
opensuse/leap
15.1
Published
Jun 22, 2020
Tracked Since
Feb 18, 2026