In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlmreadNegotiateMessage. This has been fixed in 2.1.0.