Candidate: CVE-2020-11038
PublicDate: 2020-05-29 19:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11038
 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
Description:
 In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer
 Overflow exists. When using /video redirection, a manipulated server can
 instruct the client to allocate a buffer with a smaller size than requested
 due to an integer overflow in size calculation. With later messages, the
 server can manipulate the client to write data out of bound to the
 previously allocated buffer. This has been patched in 2.1.0.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L [5.4 MEDIUM]


Patches_freerdp2:
 upstream: https://github.com/FreeRDP/FreeRDP/commit/06c32f170093a6ecde93e3bc07fed6a706bfbeb3
upstream_freerdp2: released (2.1.1+dfsg1-1)
precise/esm_freerdp2: DNE
trusty_freerdp2: ignored (out of standard support)
trusty/esm_freerdp2: DNE
xenial_freerdp2: DNE
bionic_freerdp2: released (2.1.1+dfsg1-0ubuntu0.18.04.1)
eoan_freerdp2: released (2.1.1+dfsg1-0ubuntu0.19.10.1)
focal_freerdp2: released (2.1.1+dfsg1-0ubuntu0.20.04.1)
devel_freerdp2: not-affected (2.1.1+dfsg1-1)

Patches_freerdp:
upstream_freerdp: needs-triage
precise/esm_freerdp: DNE
trusty_freerdp: ignored (out of standard support)
trusty/esm_freerdp: DNE
xenial_freerdp: not-affected (code not present)
esm-infra/xenial_freerdp: not-affected (code not present)
bionic_freerdp: not-affected (code not present)
eoan_freerdp: DNE
focal_freerdp: DNE
devel_freerdp: DNE