
Out of bound read in cliprdr_server_receive_capabilities

Moderate
bmiklautz published GHSA-8cvc-vcw7-6mfw May 29, 2020

Package

freerdp

Affected versions

<= 2.0.0

Patched versions

2.1.0

Description

Impact

  • All FreeRDP server implementations, all platforms
  • Reads out-of-bounds data and allocates memory with a random size
  • Possible resource exhaustion provoked by malicious clients
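
The bug class described above is avoided by checking every count and length field against the bytes actually received before reading or sizing anything from them. The parser below is an added example, not FreeRDP's code or its patch. It assumes the capabilities PDU layout from MS-RDPECLIP, and `parse_caps`, `MAX_CAP_SETS` and the sample bytes are hypothetical names and values constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed layout (MS-RDPECLIP capabilities PDU body, after the clipboard header):
 * cCapabilitiesSets(2) pad1(2), then per set: capabilitySetType(2)
 * lengthCapability(2) data(lengthCapability - 4). All little-endian. */
#define CAPS_GENERAL 0x0001u
#define MAX_CAP_SETS 16u /* hypothetical limit chosen for this example */
/* Constructed sample: one general set, version 2, generalFlags 0x1E. */
static const uint8_t sample_caps[16] = { 0x01, 0x00, 0x00, 0x00, 0x01, 0x00,
    0x0C, 0x00, 0x02, 0x00, 0x00, 0x00, 0x1E, 0x00, 0x00, 0x00 };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Returns 0 and stores generalFlags, or -1 on malformed input. Every read is
 * preceded by a check against the number of bytes actually received. */
int parse_caps(const uint8_t *buf, size_t len, uint32_t *general_flags)
{
    size_t off = 4;
    uint16_t count, i;
    int found = 0;
    if (!buf || !general_flags || len < 4)
        return -1;                      /* fixed fields are truncated */
    count = rd16(buf);
    if (count > MAX_CAP_SETS)
        return -1;                      /* bound the work a peer can request */
    for (i = 0; i < count; i++) {
        uint16_t type, cap_len;
        if (len - off < 4)
            return -1;                  /* set header would pass the buffer end */
        type = rd16(buf + off);
        cap_len = rd16(buf + off + 2);
        if (cap_len < 4 || cap_len > len - off)
            return -1;                  /* declared length exceeds received data */
        if (type == CAPS_GENERAL) {
            if (cap_len < 12)
                return -1;              /* version(4) + generalFlags(4) must fit */
            *general_flags = rd32(buf + off + 8);
            found = 1;
        }
        off += cap_len;                 /* skip using the validated length */
    }
    return found ? 0 : -1;
}

int main(void) {
    uint32_t flags = 0;
    return parse_caps(sample_caps, sizeof sample_caps, &flags);
}
```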

Workarounds

Deactivate FreeRDP clipboard support in your server

References

Severity

Moderate

CVE ID

CVE-2020-11018

Weaknesses

No CWEs