Bug 1854895 (CVE-2020-4030)
| Summary: | CVE-2020-4030 freerdp: out of bounds read in TrioParse | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | mads, negativo17, oholy, pahan |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | freerdp 2.1.2 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-05-18 20:34:15 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1854896, 1854897, 1855913, 1855914 | ||
| Bug Blocks: | 1854906 | ||
|
Description
Dhananjay Arunesh
2020-07-08 12:21:46 UTC
Created freerdp tracking bugs for this issue: Affects: epel-all [bug 1854897] Affects: fedora-all [bug 1854896] Technical summary: The TrioWriteString() and trio_register() routines of winpr/libwinpr/utils/trio/trio.c had bad checks of namespace size which allowed an integer overflow that could cause an out-of-bounds read later in the code, when TrioFindNamespace() was called. These routines are used for logging in both freerdp clients and servers. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:1849 https://access.redhat.com/errata/RHSA-2021:1849 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-4030 |