In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11048.json"