How severe is CVE-2020-15103?

This vulnerability has a severity rating of LOW with a CVSS score of 3.5 out of 10.

What type of vulnerability is CVE-2020-15103?

This is classified as CWE-680, which is a common weakness in software security.

CVE-2020-15103

LOW Year: 2020

CVSS v3 Score

3.5

Low

CVSS v2 Score

3.5

Low

Weakness Type

CWE-680

View all →

Vulnerability Description

In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`) This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto

CVE-2024-6381

MEDIUM

CVSS:4.0(Medium)

The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corrupti...

CWE-6802024

CVE-2020-11038

MEDIUM

CVSS:5.4(Medium)

In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller s...

CWE-6802020

CVE-2018-8786

CRITICAL

CVSS:9.8(Critical)

FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably eve...

CWE-6802018

CVE-2018-8787

CRITICAL

CVSS:9.8(Critical)

FreeRDP prior to version 2.0.0-rc4 contains an Integer Overflow that leads to a Heap-Based Buffer Overflow in function gdi_Bitmap_Decompress() and results in a memory corruption and probably even a re...

CWE-6802018

CVE-2018-8794

CRITICAL

CVSS:9.8(Critical)

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to an Out-Of-Bounds Write in function process_bitmap_updates() and results in a memory corruption and possibly even ...

CWE-6802018

CVE-2018-8795

CRITICAL

CVSS:9.8(Critical)

rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in function process_bitmap_updates() and results in a memory corruption and probably...

CWE-6802018

CVE-2020-15103

Vulnerability Description

Related Vulnerabilities

CVE-2024-6381

CVE-2020-11038

CVE-2018-8786

CVE-2018-8787

CVE-2018-8794

CVE-2018-8795