CVE-2020-13397

CVE-2020-13397

Name

CVE-2020-13397

Description

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Patch	https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
Release Notes	https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1
Third Party Advisory	https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69
Third Party Advisory	https://usn.ubuntu.com/4379-1/
Third Party Advisory	https://usn.ubuntu.com/4382-1/
Third Party Advisory	http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
Third Party Advisory	https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html

Type

URI

Patch

https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8

Release Notes

https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1

Third Party Advisory

https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69

Third Party Advisory

https://usn.ubuntu.com/4379-1/

Third Party Advisory

https://usn.ubuntu.com/4382-1/