Vulnerability Description
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freerdp | Freerdp | < 2.1.0 |
| Opensuse | Leap | 15.1 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.htmlThird Party Advisory
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwqThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.htmlThird Party Advisory
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwqThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2020-11039?
CVE-2020-11039 is a vulnerability with a CVSS score of 8.0 (HIGH). In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This h...
How severe is CVE-2020-11039?
CVE-2020-11039 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11039?
Check the references section above for vendor advisories and patch information. Affected products include: Freerdp Freerdp, Opensuse Leap, Debian Debian Linux.