CVE-2020-13397

Name
CVE-2020-13397
Description
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
Release Notes https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1
Third Party Advisory https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072abcee8ce5bd6ae91104628c7bb69
Third Party Advisory https://usn.ubuntu.com/4379-1/
Third Party Advisory https://usn.ubuntu.com/4382-1/
Third Party Advisory http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
Third Party Advisory https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:* freerdp >= None < 2.1.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
freerdp2 edge-community 2.0.0-r1 None fixed
freerdp2 3.22-community 2.0.0-r1 None fixed
freerdp edge-community 2.0.0-r1 None fixed
freerdp edge-community 2.0.0_rc4-r0 None possibly vulnerable
freerdp edge-community 2.0.0-r0 None possibly vulnerable
freerdp 3.22-community 2.0.0-r1 None fixed
freerdp 3.22-community 2.0.0_rc4-r0 None possibly vulnerable
freerdp 3.22-community 2.0.0-r0 None possibly vulnerable
freerdp 3.21-community 2.0.0-r1 None fixed
freerdp 3.20-community 2.0.0-r1 None fixed
freerdp 3.19-community 2.0.0-r1 None fixed
freerdp 3.18-community 2.0.0-r1 None fixed
freerdp 3.17-community 2.0.0-r1 None fixed