CVE-2020-11044

low-risk
Published 2020-05-07

In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.

Do I need to act?

-
0.12% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
2
CVSS 2.2/10 Low
NETWORK / HIGH complexity

Affected Products (5)

Affected Vendors

Debian Canonical Freerdp

References (10)

Patch https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2e...
Exploit https://github.com/FreeRDP/FreeRDP/issues/6013
Third Party Advisory https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
Mailing List https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
Third Party Advisory https://usn.ubuntu.com/4379-1/
Patch https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2e...
Exploit https://github.com/FreeRDP/FreeRDP/issues/6013
Third Party Advisory https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
Mailing List https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
Third Party Advisory https://usn.ubuntu.com/4379-1/
22
/ 100
low-risk
Severity 9/34 · Low
Exploitability 1/34 · Minimal
Exposure 12/34 · Low