CVE-2020-15103
Publication date 27 July 2020
Last updated 24 July 2024
Ubuntu priority
In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| freerdp | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty | Not in release | |
| freerdp2 | 24.04 LTS noble |
Not affected
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Fixed 2.2.0+dfsg1-0ubuntu0.20.04.1
|
|
| 18.04 LTS bionic |
Fixed 2.2.0+dfsg1-0ubuntu0.18.04.1
|
|
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release |
Notes
mdeslaur
The freerdp package in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS does not build a server library. This is simply a client denial of service that has a negligible security impact.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
3.5 · Low
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L |
References
Related Ubuntu Security Notices (USN)
- USN-4481-1
- FreeRDP vulnerabilities
- 1 September 2020