Memory out of bounds read in autodetect_recv_bandwidth_measure_results
Moderate
bmiklautz published GHSA-9fw6-m2q8-h5pw May 6, 2020
Package
freerdp
Affected versions
> 1.1
Patched versions
2.0.0
Description
Impact
All FreeRDP clients, all platforms
Out of bounds read.
A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data.
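The missing length check described above, next to its bounds-checked form, as an added example that is not FreeRDP's code or the fix commit. The stream type, the function names and the two 32-bit result fields are assumptions made for illustration, and the 2-byte message is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Hypothetical stream: only the first len bytes of buf belong to this message. */
typedef struct { const uint8_t *buf; size_t len, pos; } stream_t;
typedef struct { uint32_t time_delta, byte_count; } bw_results_t; /* assumed layout */

static uint32_t read_u32_le(stream_t *s)
{
    const uint8_t *p = s->buf + s->pos;
    s->pos += 4;
    return p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Defect class from the advisory: 8 bytes consumed with no length check. */
static int parse_unchecked(stream_t *s, bw_results_t *r)
{
    r->time_delta = read_u32_le(s);
    r->byte_count = read_u32_le(s);
    return 0;
}

/* Hardened form: reject any message with fewer than 8 bytes remaining. */
static int parse_checked(stream_t *s, bw_results_t *r)
{
    if (s->pos > s->len || s->len - s->pos < 8)
        return -1;
    return parse_unchecked(s, r);
}

/* Constructed input: a 2-byte message in a buffer still holding old 0xAA bytes. */
int run_short_message(int checked, bw_results_t *r)
{
    uint8_t pool[16];
    memset(pool, 0xAA, sizeof pool);  /* stale bytes from earlier use */
    pool[0] = 0x01; pool[1] = 0x02;   /* the only bytes the peer sent */
    stream_t s = { pool, 2, 0 };
    memset(r, 0, sizeof *r);
    return checked ? parse_checked(&s, r) : parse_unchecked(&s, r);
}

int main(void)
{
    bw_results_t r;
    for (int c = 0; c <= 1; c++) {
        int rc = run_short_message(c, &r);
        printf("checked=%d rc=%d time_delta=0x%08x\n", c, rc, (unsigned)r.time_delta);
    }
}
```

The unchecked parser returns success with fields built partly from bytes that were never in the message; the checked parser rejects the same input and leaves the result zeroed.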
Patches
Fixed with commit f5e73cc
Workarounds
None
References
#6009