CVE-2020-11038
- Source
- https://cve.org/CVERecord?id=CVE-2020-11038
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11038.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-11038
- Downstream
- Related
- Published
- 2020-05-29T19:15:10.310Z
- Modified
- 2026-02-24T11:33:45.749808Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
Affected packages
Git / gitlab.gnome.org/GNOME/libxml2
Affected ranges
- Type
- GIT
- Repo
- https://gitlab.gnome.org/GNOME/libxml2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
EAZEL-NAUTILUS-MS-AUG07
FOR_GNOME_0_99_1
GNOME_0_30
GNUMERIC_FIRST_PUBLIC_RELEASE
LIBXML_0_99
LIBXML_1_5_0
LIBXML_1_8_5
LIBXML_1_8_6
LIBXML_2_0_0
LIBXML_TEST_2_0_0
LIB_XML_1_1
LIB_XML_1_3
LIB_XML_1_4
LIB_XML_1_6_1
LIB_XML_1_6_2
LIB_XML_1_7_0
LIB_XML_1_7_1
LIB_XML_1_7_3
LIB_XML_1_8_3
LIB_XML_1_X
Database specific
vanir_signatures
[
{
"target": {
"file": "example/gjobread.c",
"function": "main"
},
"digest": {
"length": 289.0,
"function_hash": "217067580253948699484829138099054328869"
},
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-11038-4fa8ca34",
"source": "https://gitlab.gnome.org/GNOME/libxml2@c230410eadbada15092c04f92d01068af8a19f8d"
},
{
"target": {
"file": "example/gjobread.c"
},
"digest": {
"line_hashes": [
"287042595298680527861991348108261089809",
"169182630361917727940441134910200921263",
"198842561615446092675493735186734618685"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-11038-eabbf092",
"source": "https://gitlab.gnome.org/GNOME/libxml2@c230410eadbada15092c04f92d01068af8a19f8d"
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11038.json"