CVE-2020-15103

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto

References

https://github.com/FreeRDP/FreeRDP/pull/6382

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4r38-6hq7-j3j9

https://github.com/FreeRDP/FreeRDP/blob/616af2d5b86dc24c7b3e89870dbcffd841d9a535/ChangeLog#L4

https://lists.fedoraproject.org/archives/list/[email protected]/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/

http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00010.html

https://usn.ubuntu.com/4481-1/

Details

Source: MITRE

Published: 2020-07-27

Updated: 2021-11-18

Type: CWE-190

Risk Information

CVSS v2

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW

CVSS v3

Base Score: 3.5

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Impact Score: 1.4

Exploitability Score: 2.1

Severity: LOW

Tenable Plugins

View all (8 total)

IDNameProductFamilySeverity
149961Oracle Linux 8 : freerdp (ELSA-2021-1849)NessusOracle Linux Local Security Checks
medium
149733CentOS 8 : freerdp (CESA-2021:1849)NessusCentOS Local Security Checks
medium
149700RHEL 8 : freerdp (RHSA-2021:1849)NessusRed Hat Local Security Checks
medium
140367openSUSE Security Update : freerdp (openSUSE-2020-1332)NessusSuSE Local Security Checks
low
140179Ubuntu 18.04 LTS / 20.04 : FreeRDP vulnerabilities (USN-4481-1)NessusUbuntu Local Security Checks
medium
139263Fedora 31 : 2:freerdp (2020-a3432485db)NessusFedora Local Security Checks
medium
139111FreeBSD : FreeRDP -- Integer overflow in RDPEGFX channel (a955cdb7-d089-11ea-8c6f-080027eedc6a)NessusFreeBSD Local Security Checks
low
139103Fedora 32 : 2:freerdp (2020-8d5f86e29a)NessusFedora Local Security Checks
medium