VDB
CNVD-2020-31430
CNVD-2020-31430
PUBLISHED
FreeRDP是FreeRDP团队的一款开源的远程桌面协议(RDP)的实现。 FreeRDP 2.0.0及之前版本中存在缓冲区溢出漏洞,该漏洞源于当记录器设置为‘WLOG_TRACE’时,程序读取了无效的数组索引。攻击者可利用该漏洞导致应用程序崩溃,数据将被以字符串的形式打印到本地终端。
Exploit Intelligence
- In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. CVE project by @Sn0wAlice (github-poc-repo)
- In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. CVE project by @Sn0wAlice (github-poc-repo)
- In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. CVE project by @Sn0wAlice (github-poc)
- In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. CVE project by @Sn0wAlice (github-poc)
Timeline
- CVE Published