Double free in cliprdr_server_receive_capabilities

High

bmiklautz published GHSA-q5c8-fm29-q57c

May 29, 2020

Package

freerdp

Affected versions

<= 2.0.0

Patched versions

2.1.0

Description

Impact

All FreeRDP server implementations, all platforms
By providing manipulated input a malicious client can create a double free condition and crash the server

Workarounds

Deactivate FreeRDP clipboard support on your server

References

https://pub.freerdp.com/cve/CVE-2020-11017/