CVE-2020-15103 — LOW (3.5) — White Hats Nepal

Q: How severe is CVE-2020-15103?

CVE-2020-15103 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-15103?

Check the references section above for vendor advisories and patch information. Affected products include: Freerdp Freerdp, Fedoraproject Fedora, Opensuse Leap, Canonical Ubuntu Linux, Debian Debian Linux.

Vulnerability Description

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto

CVSS Score

3.5

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Freerdp	Freerdp	<= 2.1.2
Fedoraproject	Fedora	31
Opensuse	Leap	15.1
Canonical	Ubuntu Linux	18.04
Debian	Debian Linux	10.0

Related Weaknesses (CWE)

CWE-680 CWE-190

References

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.htmlMailing ListThird Party Advisory
https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535Release NotesThird Party Advisory
https://github.com/FreeRDP/FreeRDP/pull/6382PatchThird Party Advisory
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://usn.ubuntu.com/4481-1/Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.htmlMailing ListThird Party Advisory
https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535Release NotesThird Party Advisory
https://github.com/FreeRDP/FreeRDP/pull/6382PatchThird Party Advisory
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro

FAQ

What is CVE-2020-15103?

CVE-2020-15103 is a vulnerability with a CVSS score of 3.5 (LOW). In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not ch...

How severe is CVE-2020-15103?

CVE-2020-15103 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-15103?

Check the references section above for vendor advisories and patch information. Affected products include: Freerdp Freerdp, Fedoraproject Fedora, Opensuse Leap, Canonical Ubuntu Linux, Debian Debian Linux.