Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2020-11047

Disclosure Date: May 07, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Vendors

  • FreeRDP

Products

  • FreeRDP

Additional Info

Technical Analysis