CVE-2020-11058 : Security Advisory and Response

Learn about CVE-2020-11058, an issue in FreeRDP versions > 1.1, < 2.0.0, allowing out-of-bounds reads. Find mitigation steps and update information here.

CVE-2020-11058, assigned by GitHub_M, pertains to an improper restriction of operations within the bounds of a memory buffer in FreeRDP.

Understanding CVE-2020-11058

What is CVE-2020-11058?

In FreeRDP versions after 1.1 and before 2.0.0, a vulnerability allowed a stream out-of-bounds seek in rdp_read_font_capability_set, potentially leading to a later out-of-bounds read. This flaw could be exploited by a manipulated client or server to force a disconnect due to an invalid data read.

The Impact of CVE-2020-11058

The impact of this vulnerability is rated as LOW with a base score of 2.2. It could result in a denial of service due to an out-of-bounds read.

Technical Details of CVE-2020-11058

Vulnerability Description

The vulnerability in FreeRDP could allow an out-of-bounds seek in rdp_read_font_capability_set, leading to a subsequent out-of-bounds read.
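The out-of-bounds seek described above, as a simplified added example that is not FreeRDP's code: `stream_t`, `seek_checked` and the other names are hypothetical, and the 3-byte body is constructed sample input. It contrasts a seek that moves the offset past the received data with one that validates the remaining length first.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical minimal stream for illustration; not FreeRDP's own type. */
typedef struct {
    const uint8_t *buf; /* received bytes */
    size_t len;         /* number of bytes actually received */
    size_t pos;         /* current offset */
} stream_t;

static size_t remaining(const stream_t *s) {
    return s->pos <= s->len ? s->len - s->pos : 0;
}

/* Unchecked seek: the offset can move past the end of the buffer. */
static void seek_unchecked(stream_t *s, size_t n) { s->pos += n; }

/* Checked seek: fails instead of moving past the received data. */
static bool seek_checked(stream_t *s, size_t n) {
    if (remaining(s) < n) return false;
    s->pos += n;
    return true;
}

/* Skip two 2-byte fields without validation; returns the resulting offset. */
size_t skip_fields_unchecked(stream_t *s) {
    seek_unchecked(s, 2);
    seek_unchecked(s, 2);
    return s->pos;
}

/* Same skip, but reject a body that is too short for either field. */
bool skip_fields_checked(stream_t *s) {
    return seek_checked(s, 2) && seek_checked(s, 2);
}

/* Constructed sample: a body truncated to 3 bytes where 4 are expected. */
static const uint8_t SAMPLE_BODY[3] = { 0x01, 0x00, 0x00 };

int main(void) {
    stream_t a = { SAMPLE_BODY, sizeof SAMPLE_BODY, 0 }, b = a;
    size_t off = skip_fields_unchecked(&a);
    bool ok = skip_fields_checked(&b);
    printf("unchecked: offset %zu, buffer length %zu\n", off, a.len);
    printf("checked: accepted=%d, offset %zu\n", ok, b.pos);
    return 0;
}
```

With the unchecked variant the offset ends beyond the buffer, so any later read at that offset is out of bounds; the checked variant stops at the last valid field and lets the caller drop the message.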

Affected Systems and Versions

        Vendor: FreeRDP
        Product: FreeRDP
        Versions Affected: > 1.1, < 2.0.0

Exploitation Mechanism

The vulnerability could be exploited by a manipulated client or server to trigger a disconnect by causing an invalid data read.

Mitigation and Prevention

Immediate Steps to Take

        Update FreeRDP to version 2.0.0 or later to mitigate this vulnerability.
        Monitor vendor advisories for any security patches or updates.

Long-Term Security Practices

        Regularly update software and systems to the latest versions.
        Implement network segmentation and access controls to limit exposure to potential threats.

Patching and Updates

        Apply security patches provided by FreeRDP promptly to address this vulnerability.
