CVE-2020-4030

Priority
Description
In FreeRDP before version 2.1.2, there is an out of bounds read in
TrioParse. Logging might bypass string length checks due to an integer
overflow. This is fixed in version 2.1.2.
Notes
mdeslaur: The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS
does not build a server library. This is simply a client
denial of service that has a negligible security impact.
Package
Priority: Negligible
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 20.04 LTS (Focal Fossa): DNE
Ubuntu 20.10 (Groovy Gorilla): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): released (2.2.0+dfsg1-0ubuntu0.18.04.1)
Ubuntu 20.04 LTS (Focal Fossa): released (2.2.0+dfsg1-0ubuntu0.20.04.1)
Ubuntu 20.10 (Groovy Gorilla): not-affected (2.2.0+dfsg1-1)
Patches:
Upstream: https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27
Updated: 2020-09-09 23:36:38 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)