CVE-2020-11048

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-11048
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11048.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-11048
Downstream
Related
Published
2020-05-07T20:15:12Z
Modified
2025-10-21T05:20:17.050567Z
Severity
  • 2.2 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.

References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9301bfe730c66180263248b74353daa99f5a969b

Affected versions

1.*

1.0-beta1
1.0-beta2
1.0-beta3
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9

2.*

2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4

Database specific

vanir_signatures

[
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "207429656706164102241487631562483150029",
                "160855080664251780381481586080853864901",
                "154885552725460857237536460462182944693",
                "137057464677447681206941812240827118785",
                "32295946583092472538359192469478828536",
                "321372003978442485465940049287753759811",
                "216921153728238413575242304750854591780",
                "38875084919739579481613197757861568556",
                "118561823448347427604167643302528317857",
                "292472648421618007499905275026224403579",
                "317732064566241796915465113736984441406",
                "98157166811211554842277494294033859482",
                "47941600866532899626019413840293649997",
                "62939521881066200903176165356806219545",
                "27153392002938309650351908206670068486",
                "283916547381700756117322821801398420653",
                "209164361606408300950742918944485243074",
                "57575724307848464601797478208096395553",
                "338337927889444028183686346156617123270",
                "311237343593635781337249021078482090784",
                "40462881911335299008014078733993203247",
                "68994376286147872910360229220873259454",
                "282421208566998820852813773342451338942",
                "210270803240117053624892680821376108836",
                "307702040889948171696836427772694830619",
                "13203243765912103200161466416761043701",
                "311187427636141256049992373679639626920",
                "65135545341835649320137112016788135621",
                "154732157098890341529156619661194609155",
                "73836614939723900056058415358720293146",
                "292666546406820945978137218300693290034",
                "280142105074687418923488907376707508658",
                "19762445729772959933679794093234719576",
                "166754698775780058285793362753199756442",
                "268535692083178538713232645312179518176"
            ]
        },
        "target": {
            "file": "libfreerdp/core/rdp.c"
        },
        "id": "CVE-2020-11048-4f9ac9d6",
        "source": "https://github.com/freerdp/freerdp/commit/9301bfe730c66180263248b74353daa99f5a969b",
        "signature_type": "Line"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "140329716457334555727175628405082761095",
            "length": 461.0
        },
        "target": {
            "function": "rdp_read_share_control_header",
            "file": "libfreerdp/core/rdp.c"
        },
        "id": "CVE-2020-11048-c50e58a0",
        "source": "https://github.com/freerdp/freerdp/commit/9301bfe730c66180263248b74353daa99f5a969b",
        "signature_type": "Function"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "322073029365240409201041536492797667931",
            "length": 191.0
        },
        "target": {
            "function": "rdp_read_flow_control_pdu",
            "file": "libfreerdp/core/rdp.c"
        },
        "id": "CVE-2020-11048-c72a53b9",
        "source": "https://github.com/freerdp/freerdp/commit/9301bfe730c66180263248b74353daa99f5a969b",
        "signature_type": "Function"
    }
]