DEBIAN-CVE-2020-11038

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2020-11038

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2020-11038.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2020-11038

Upstream

CVE-2020-11038

Published

2020-05-29T19:15:10Z

Modified

2025-09-19T06:14:57Z

Summary

[none]

Details

In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0.

References

https://security-tracker.debian.org/tracker/CVE-2020-11038

Affected packages

Debian:11 / freerdp2

Package

Name: freerdp2
Purl: pkg:deb/debian/freerdp2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.1+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / freerdp2

Package

Name: freerdp2
Purl: pkg:deb/debian/freerdp2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.1+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}