CVE-2020-11098 : Security Advisory and Response

Learn about CVE-2020-11098, an out-of-bound read vulnerability in glyph_cache_put in FreeRDP affecting versions < 2.1.2. Find mitigation steps and update recommendations here.

CVE-2020-11098, assigned by GitHub_M, pertains to an out-of-bound read vulnerability in glyph_cache_put in FreeRDP.

Understanding CVE-2020-11098

In FreeRDP before version 2.1.2, an out-of-bound read vulnerability in glyph_cache_put was identified, affecting all FreeRDP clients with the +glyph-cache option enabled.

What is CVE-2020-11098?

The CVE-2020-11098 vulnerability involves an out-of-bound read issue in glyph_cache_put in FreeRDP, impacting FreeRDP clients with the +glyph-cache option enabled.

The Impact of CVE-2020-11098

The vulnerability could allow an attacker to read beyond the bounds of allocated memory, potentially leading to information disclosure or denial of service.

Technical Details of CVE-2020-11098

Vulnerability Description

The vulnerability in glyph_cache_put in FreeRDP before version 2.1.2 allows for an out-of-bound read, posing a security risk to affected systems.

Affected Systems and Versions

        Vendor: FreeRDP
        Product: FreeRDP
        Versions Affected: < 2.1.2

Exploitation Mechanism

The vulnerability can be exploited by manipulating specific input to trigger the out-of-bound read in glyph_cache_put.

Mitigation and Prevention

Immediate Steps to Take

        Update FreeRDP to version 2.1.2 or later to mitigate the vulnerability.
        Disable the +glyph-cache option if not required to reduce the attack surface.
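
To apply both steps across a fleet, the following added example (not code from this advisory or from the FreeRDP project) classifies client launches by installed version and by whether +glyph-cache appears on the command line. The function names, the "version|command line" inventory format and the host names are assumptions made for illustration; the sample data is constructed.

```shell
#!/bin/sh
# Triage FreeRDP client launches against CVE-2020-11098.
FIXED_VERSION="2.1.2"   # first fixed release, per the advisory

# Return 0 when dotted version $1 is lower than $2, comparing
# major.minor.patch numerically. A suffix such as "-rc4" is dropped
# (assumption: a pre-release is judged by its numeric part only).
version_lt() {
    a="$(printf '%s' "$1" | sed 's/[^0-9.].*$//').0.0"
    b="$(printf '%s' "$2" | sed 's/[^0-9.].*$//').0.0"
    i=1
    while [ "$i" -le 3 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); x=${x:-0}
        y=$(printf '%s' "$b" | cut -d. -f"$i"); y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 1
}

# Return 0 when +glyph-cache is present as a whole argument.
has_glyph_cache() {
    case " $1 " in
        *" +glyph-cache "*) return 0 ;;
    esac
    return 1
}

# Print one of: patched | exposed | affected-version
#   exposed          = version < 2.1.2 and +glyph-cache on the command line
#   affected-version = version < 2.1.2, option not seen; still needs the update
assess() {
    if ! version_lt "$1" "$FIXED_VERSION"; then echo "patched"
    elif has_glyph_cache "$2"; then echo "exposed"
    else echo "affected-version"
    fi
}

# Constructed inventory, one "<version>|<command line>" per line.
SAMPLE='2.0.0|xfreerdp /v:rdp01.example.internal +glyph-cache
2.1.1|xfreerdp /v:rdp02.example.internal /u:alice
2.1.2|xfreerdp /v:rdp03.example.internal +glyph-cache'

printf '%s\n' "$SAMPLE" | while IFS='|' read -r ver cmd; do
    printf '%-17s %s  %s\n' "$(assess "$ver" "$cmd")" "$ver" "$cmd"
done
```

Hosts reported as "exposed" are the ones to update or reconfigure first; "affected-version" hosts still run a release below 2.1.2 and become exposed as soon as the option is turned on.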

Long-Term Security Practices

        Regularly monitor security advisories and update systems promptly.
        Conduct security assessments to identify and address vulnerabilities proactively.

Patching and Updates

        Apply patches and updates provided by FreeRDP to address the out-of-bound read vulnerability.
