ID CVE-2020-13398
Summary An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
References
Vulnerable Configurations
  • cpe:2.3:a:freerdp:freerdp:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.0.0:beta3:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.0.0:beta4:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.0.0:beta5:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.0.2:-:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.0.2:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.0.2:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.1.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.1.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:2.0.0:rc0:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:2.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:2.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:2.0.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:2.0.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:freerdp:freerdp:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 09-11-2020 - 21:46)
Impact:
Exploitability:
CWE CWE-787
CAPEC
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication SINGLE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
redhat via4
advisories
  • bugzilla
    id 1841199
    title CVE-2020-13398 freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 7 is installed
        oval oval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • comment freerdp is earlier than 0:2.0.0-4.rc4.el7_8.1
            oval oval:com.redhat.rhsa:tst:20202405001
          • comment freerdp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190697002
        • AND
          • comment freerdp-devel is earlier than 0:2.0.0-4.rc4.el7_8.1
            oval oval:com.redhat.rhsa:tst:20202405003
          • comment freerdp-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190697004
        • AND
          • comment freerdp-libs is earlier than 0:2.0.0-4.rc4.el7_8.1
            oval oval:com.redhat.rhsa:tst:20202405005
          • comment freerdp-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190697006
        • AND
          • comment libwinpr is earlier than 0:2.0.0-4.rc4.el7_8.1
            oval oval:com.redhat.rhsa:tst:20202405007
          • comment libwinpr is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20192157008
        • AND
          • comment libwinpr-devel is earlier than 0:2.0.0-4.rc4.el7_8.1
            oval oval:com.redhat.rhsa:tst:20202405009
          • comment libwinpr-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20192157010
    rhsa
    id RHSA-2020:2405
    released 2020-06-05
    severity Important
    title RHSA-2020:2405: freerdp security update (Important)
  • bugzilla
    id 1841199
    title CVE-2020-13398 freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 6 is installed
        oval oval:com.redhat.rhba:tst:20111656003
      • OR
        • AND
          • comment freerdp is earlier than 0:1.0.2-7.el6_10
            oval oval:com.redhat.rhsa:tst:20202406001
          • comment freerdp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190697002
        • AND
          • comment freerdp-devel is earlier than 0:1.0.2-7.el6_10
            oval oval:com.redhat.rhsa:tst:20202406003
          • comment freerdp-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190697004
        • AND
          • comment freerdp-libs is earlier than 0:1.0.2-7.el6_10
            oval oval:com.redhat.rhsa:tst:20202406005
          • comment freerdp-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190697006
        • AND
          • comment freerdp-plugins is earlier than 0:1.0.2-7.el6_10
            oval oval:com.redhat.rhsa:tst:20202406007
          • comment freerdp-plugins is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190697008
    rhsa
    id RHSA-2020:2406
    released 2020-06-04
    severity Important
    title RHSA-2020:2406: freerdp security update (Important)
  • bugzilla
    id 1841199
    title CVE-2020-13398 freerdp: Out-of-bounds write in crypto_rsa_common in libfreerdp/crypto/crypto.c
    oval
    OR
    • comment Red Hat Enterprise Linux must be installed
      oval oval:com.redhat.rhba:tst:20070304026
    • AND
      • comment Red Hat Enterprise Linux 8 is installed
        oval oval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • comment freerdp is earlier than 2:2.0.0-46.rc4.el8_2.2
            oval oval:com.redhat.rhsa:tst:20202407001
          • comment freerdp is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190697002
        • AND
          • comment freerdp-debugsource is earlier than 2:2.0.0-46.rc4.el8_2.2
            oval oval:com.redhat.rhsa:tst:20202407003
          • comment freerdp-debugsource is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20202336004
        • AND
          • comment freerdp-devel is earlier than 2:2.0.0-46.rc4.el8_2.2
            oval oval:com.redhat.rhsa:tst:20202407005
          • comment freerdp-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190697004
        • AND
          • comment freerdp-libs is earlier than 2:2.0.0-46.rc4.el8_2.2
            oval oval:com.redhat.rhsa:tst:20202407007
          • comment freerdp-libs is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20190697006
        • AND
          • comment libwinpr is earlier than 2:2.0.0-46.rc4.el8_2.2
            oval oval:com.redhat.rhsa:tst:20202407009
          • comment libwinpr is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20192157008
        • AND
          • comment libwinpr-devel is earlier than 2:2.0.0-46.rc4.el8_2.2
            oval oval:com.redhat.rhsa:tst:20202407011
          • comment libwinpr-devel is signed with Red Hat redhatrelease2 key
            oval oval:com.redhat.rhsa:tst:20192157010
    rhsa
    id RHSA-2020:2407
    released 2020-06-04
    severity Important
    title RHSA-2020:2407: freerdp security update (Important)
rpms
  • freerdp-0:2.0.0-4.rc4.el7_8.1
  • freerdp-debuginfo-0:2.0.0-4.rc4.el7_8.1
  • freerdp-devel-0:2.0.0-4.rc4.el7_8.1
  • freerdp-libs-0:2.0.0-4.rc4.el7_8.1
  • libwinpr-0:2.0.0-4.rc4.el7_8.1
  • libwinpr-devel-0:2.0.0-4.rc4.el7_8.1
  • freerdp-0:1.0.2-7.el6_10
  • freerdp-debuginfo-0:1.0.2-7.el6_10
  • freerdp-devel-0:1.0.2-7.el6_10
  • freerdp-libs-0:1.0.2-7.el6_10
  • freerdp-plugins-0:1.0.2-7.el6_10
  • freerdp-2:2.0.0-46.rc4.el8_2.2
  • freerdp-debuginfo-2:2.0.0-46.rc4.el8_2.2
  • freerdp-debugsource-2:2.0.0-46.rc4.el8_2.2
  • freerdp-devel-2:2.0.0-46.rc4.el8_2.2
  • freerdp-libs-2:2.0.0-46.rc4.el8_2.2
  • freerdp-libs-debuginfo-2:2.0.0-46.rc4.el8_2.2
  • libwinpr-2:2.0.0-46.rc4.el8_2.2
  • libwinpr-debuginfo-2:2.0.0-46.rc4.el8_2.2
  • libwinpr-devel-2:2.0.0-46.rc4.el8_2.2
  • freerdp-2:2.0.0-46.rc4.el8_1.2
  • freerdp-debuginfo-2:2.0.0-46.rc4.el8_1.2
  • freerdp-debugsource-2:2.0.0-46.rc4.el8_1.2
  • freerdp-devel-2:2.0.0-46.rc4.el8_1.2
  • freerdp-libs-2:2.0.0-46.rc4.el8_1.2
  • freerdp-libs-debuginfo-2:2.0.0-46.rc4.el8_1.2
  • libwinpr-2:2.0.0-46.rc4.el8_1.2
  • libwinpr-debuginfo-2:2.0.0-46.rc4.el8_1.2
  • libwinpr-devel-2:2.0.0-46.rc4.el8_1.2
  • freerdp-2:2.0.0-46.rc4.el8_0.2
  • freerdp-debuginfo-2:2.0.0-46.rc4.el8_0.2
  • freerdp-debugsource-2:2.0.0-46.rc4.el8_0.2
  • freerdp-libs-2:2.0.0-46.rc4.el8_0.2
  • freerdp-libs-debuginfo-2:2.0.0-46.rc4.el8_0.2
  • libwinpr-2:2.0.0-46.rc4.el8_0.2
  • libwinpr-debuginfo-2:2.0.0-46.rc4.el8_0.2
  • libwinpr-devel-2:2.0.0-46.rc4.el8_0.2
refmap via4
misc
mlist [debian-lts-announce] 20200829 [SECURITY] [DLA 2356-1] freerdp security update
suse openSUSE-SU-2020:1090
ubuntu
  • USN-4379-1
  • USN-4382-1
Last major update 09-11-2020 - 21:46
Published 22-05-2020 - 18:15
Last modified 09-11-2020 - 21:46