In FreeRDP before version 2.1.2, there is an out-of-bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html | Mailing List Third Party Advisory |
http://www.freerdp.com/2020/06/22/2_1_2-released | Release Notes Vendor Advisory |
https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27 | Patch Third Party Advisory |
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98 | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/ | |
https://usn.ubuntu.com/4481-1/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-06-22T00:00:00
Updated: 2023-10-07T20:07:13.272059
Reserved: 2019-12-30T00:00:00
Link: CVE-2020-4030
NVD Information
Status: Modified
Published: 2020-06-22T22:15:13.087
Modified: 2023-11-07T03:23:09.907
Link: CVE-2020-4030
Red Hat Information
No data.