CVE-2020-4032

LOW

FreeRDP <2.1.2 - Buffer Overflow

Title source: llm
STIX 2.1

Description

In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.

References (8)

Scores

CVSS v3 3.1
EPSS 0.0041
EPSS Percentile 61.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-681
Status published
Products (7)
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 20.04
debian/debian_linux 10.0
fedoraproject/fedora 31
fedoraproject/fedora 32
freerdp/freerdp < 2.1.2
opensuse/leap 15.1
Published Jun 22, 2020
Tracked Since Feb 18, 2026