Skip to content

Out of bound read/write in usb redirection channel

Moderate
bmiklautz published GHSA-mx9p-f6q8-mqwq May 29, 2020

Package

freerdp

Affected versions

<= 2.0.0

Patched versions

2.1.0

Description

Impact

  • All FreeRDP based clients, all platforms

When using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks.

Workarounds

Deactivate USB redirection client side.

References

Severity

Moderate

CVE ID

CVE-2020-11039

Weaknesses

No CWEs