CVE-2020-4030
PUBLISHED
In FreeRDP before version 2.1.2, there is an out-of-bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2.
Risk Scores
- EPSS Score: 0.04% (12.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | freerdp | 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.1, 1.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2, * |
| Ubuntu:16.04:LTS | freerdp | 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.3, 1.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.2, 0 |
| Ubuntu:18.04:LTS | freerdp2 | *, 2.0.0~git20170725.1.1648deb+dfsg1-5ubuntu1, 0 |
| Ubuntu:20.04:LTS | freerdp2 | 0, 2.0.0~git20190204.1.2693389a+dfsg1-1, 2.0.0~git20190204.1.2693389a+dfsg1-2 |
Exploit Intelligence
- http://www.freerdp.com/2020/06/22/2_1_2-released (circl)
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98 (circl)
- https://github.com/FreeRDP/FreeRDP/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27 (circl)
- openSUSE-SU-2020:1090 (circl)
- FEDORA-2020-8d5f86e29a (circl)
- FEDORA-2020-a3432485db (circl)
- USN-4481-1 (circl)
- [debian-lts-announce] 20231007 [SECURITY] [DLA 3606-1] freerdp2 security update (circl)
Timeline
- Jun 22, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-4030 third-party-advisory
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98 third-party-advisory
- http://www.freerdp.com/2020/06/22/2_1_2-released third-party-advisory
- https://ubuntu.com/security/notices/USN-4481-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-4030 third-party-advisory