CVE-2020-11018

Description

In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0.

How to fix CVE-2020-11018

To remediate CVE-2020-11018, upgrade the affected package to a fixed version below.

Debian/freerdp2—upgrade to 2.1.1+dfsg1-1 or later

Is CVE-2020-11018 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 2.1.1+dfsg1-1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2020-11018