CVE-2020-4032 - Incorrect Conversion between Numeric Types vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
Summary
In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
OS | | 1 |
OS | | 2 |
OS | | 2 |
OS | | 1 |
Common Weakness Enumeration (CWE)
References
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc
- https://github.com/FreeRDP/FreeRDP/commit/e7bffa64ef5ed70bac94f823e2b95262642f5296
- http://www.freerdp.com/2020/06/22/2_1_2-released
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
- https://usn.ubuntu.com/4481-1/
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/