CVE-2020-13396

2020-05-22 20:15:00 2020-11-09 22:45:00

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.

Vector

NETWORK

Complexity

LOW

Authentication

SINGLE

Confidentiality

PARTIAL

Integrity

NONE

Availability

PARTIAL

Opensuse Leap 15.1 * * * (not an official CPE) Debian Debian linux 9.0 * * * (not an official CPE) Canonical Ubuntu linux 20.04 * * * (not an official CPE) Canonical Ubuntu linux 19.10 * * * (not an official CPE) Canonical Ubuntu linux 18.04 * * * (not an official CPE) Canonical Ubuntu linux 16.04 * * * (not an official CPE)

Freerdp Freerdp * * * * (not an official CPE)

Freerdp - Freerdp Opensuse - Leap Debian - Debian linux Canonical - Ubuntu linux

Advisory	Patch	Confirmed	Link
			https://usn.ubuntu.com/4379-1/
			https://github.com/FreeRDP/FreeRDP/commit/48361c411e5082...
			https://github.com/FreeRDP/FreeRDP/commit/8fb6336a4072ab...
			https://github.com/FreeRDP/FreeRDP/compare/2.1.0...2.1.1
			https://lists.debian.org/debian-lts-announce/2020/08/msg...
			http://lists.opensuse.org/opensuse-security-announce/202...
			https://usn.ubuntu.com/4382-1/