Vulnerability Description
In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freerdp | Freerdp | <= 2.0.0 |
| Opensuse | Leap | 15.1 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.htmlMailing ListThird Party Advisory
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfwThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.htmlMailing ListThird Party Advisory
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfwThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2020-11018?
CVE-2020-11018 is a vulnerability with a CVSS score of 6.5 (MEDIUM). In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. Th...
How severe is CVE-2020-11018?
CVE-2020-11018 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11018?
Check the references section above for vendor advisories and patch information. Affected products include: Freerdp Freerdp, Opensuse Leap, Debian Debian Linux.