CVE-2020-11040

In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in cleardecompresssubcode_rlex, visualized on screen as color. This has been patched in 2.1.0.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "10.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "15.1"
                }
            ],
            "cpe": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"
        }
    ]
}

References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type

GIT

Repo

https://github.com/freerdp/freerdp

Events

Introduced

Fixed

11b9b1ca6be433f1da5bbf5e152d554d3eb67ac6

Database specific

{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.1.0"
        }
    ],
    "cpe": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*"
}

Affected versions

1.*

1.0-beta1

1.0-beta2

1.0-beta4

1.0-beta5

1.0.0

1.0.1

1.1.0-beta+2013071101

1.1.0-beta1

1.1.0-beta1+android2

1.1.0-beta1+android3

1.1.0-beta1+android4

1.1.0-beta1+android5

1.1.0-beta1+ios1

1.1.0-beta1+ios2

1.1.0-beta1+ios3

1.1.0-beta1+ios4

1.2.0-beta1+android7

1.2.0-beta1+android9

2.*

2.0.0

2.0.0-beta1+android10

2.0.0-beta1+android11

2.0.0-rc0

2.0.0-rc1

2.0.0-rc2

2.0.0-rc3

2.0.0-rc4

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11040.json"