CVE-2020-11089
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-11089
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11089.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-11089
- Downstream
- Related
- Published
- 2020-05-29T20:15:11Z
- Modified
- 2025-10-14T17:19:47.036384Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallelprocessirpcreate, serialprocessirpcreate, driveprocessirpwrite, printerprocessirpwrite, rdpeirecvpdu, serialprocessirp_write). This has been fixed in 2.1.0.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
- https://github.com/FreeRDP/FreeRDP/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16
- https://github.com/FreeRDP/FreeRDP/commit/795842f4096501fcefc1a7f535ccc8132feb31d7
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
Affected packages
Git / github.com/freerdp/freerdp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/freerdp/freerdp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
1.*
1.0-beta1
1.0-beta2
1.0-beta3
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9
2.*
2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
Database specific
{
"vanir_signatures": [
{
"id": "CVE-2020-11089-09c87033",
"signature_type": "Line",
"target": {
"file": "libfreerdp/core/nego.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"47682832684198812535667895008735051541",
"329552042913401938865707288999873234746",
"930439872512316751516383828334976878",
"26091991109583841803314384152297586768",
"299292564510698175867276885398678562326",
"241749646719451547488610374775409254896",
"294327463423089681940164168682481456757",
"322907985629569843240394471546899077846",
"336847757345621179340296985878347175183",
"218126538980390607293881652827771128597",
"76071117591087293620489137635026595567",
"330938271773920826734910481192451781418",
"54075286374885170192208151027964610117",
"128512718491816519070388955974583561644",
"97476938166461584995257489635571313004",
"69650073998873126254274997856024947995",
"49838950029681009620910454863733784285",
"238577141658327151321157144848318363002",
"241348821447861862379440493207956371277",
"293237360208347045011678652306237691917",
"123551520017334226890806143860114884254",
"133176205599561659603229720622251632280",
"73485317294602196665807696639654023690",
"36016045286623187122379572824704759854",
"168196153284915670850995450568487048596",
"176932113594738744682534318352572731448",
"260303636416312116505303745146157375083",
"207513571597720327115626011537603350399",
"35419427559980191857476680430444122538",
"312373761488449795469181440369359549329",
"172592708265257221934367371867178733490",
"279517103367330120949575021484921576336",
"133678349915504695670877688933244288157",
"200834550804741936409841214929055801270",
"155546556517301051830877527624413756707",
"141128984606036406165265486438239712782",
"261370193974837106711005435480004942916",
"51062649230442870012544389102770946952",
"140445976682199001424220954396434467545",
"221943250997332153717399969974256165632",
"155593081288301040101637362768990668991",
"57408345893946500497403352769925887625",
"299767296294871038643662865942990705665",
"305878896650781826346594859020915677879",
"5511487042716807519408301031039453758",
"128497785989538935288629762483471026998",
"272560598350872823095170449897497393747",
"115753685338699673344312975166427721674",
"35935907458150937933951973349206662501",
"131369208167891890328128837993505129376",
"340225552457222904994083945190375223060",
"76866275770673254433002441682005870388"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-110a36bf",
"signature_type": "Line",
"target": {
"file": "channels/printer/client/printer_main.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"156191897061326817801756797554310939161",
"69202850191743795323812716489641307068",
"241734200383689916236616942549820929044",
"203198180072417212398789727692067536580",
"50731838928478701012284877735540706286",
"273289622465782838860920342825812130962",
"42457190816446551026411359597109275836",
"184293425548401653999793529929297255369",
"55596328388044550394840242716346259941",
"339677139512418473567910263513268740125",
"236620841338872489092816517782889830102"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-1257ae6d",
"signature_type": "Function",
"target": {
"file": "libfreerdp/core/gateway/rdg.c",
"function": "rdg_receive_packet"
},
"deprecated": false,
"digest": {
"length": 637.0,
"function_hash": "170904362941683876850250272884163930269"
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-13e93173",
"signature_type": "Function",
"target": {
"file": "channels/drive/client/drive_main.c",
"function": "drive_process_irp_write"
},
"deprecated": false,
"digest": {
"length": 846.0,
"function_hash": "66182606997078510499329383709595456599"
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-1f67f733",
"signature_type": "Function",
"target": {
"file": "libfreerdp/core/nego.c",
"function": "nego_process_negotiation_failure"
},
"deprecated": false,
"digest": {
"length": 881.0,
"function_hash": "273766576681943732645995567198832966631"
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-21faa3df",
"signature_type": "Line",
"target": {
"file": "libfreerdp/core/gateway/rdg.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"19663561899403946228245505389369135126",
"84613089039294007122705094702337858821",
"236536387187104095131604389354134300737",
"310447094989968868756145039027559073971"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-3854cfb2",
"signature_type": "Function",
"target": {
"file": "channels/serial/client/serial_main.c",
"function": "serial_process_irp_write"
},
"deprecated": false,
"digest": {
"length": 925.0,
"function_hash": "159554988916040832927359640324362947673"
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-401c7dfe",
"signature_type": "Function",
"target": {
"file": "channels/printer/client/printer_main.c",
"function": "printer_process_irp_write"
},
"deprecated": false,
"digest": {
"length": 699.0,
"function_hash": "317052502213757784783918402494535044909"
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-41aa676b",
"signature_type": "Function",
"target": {
"file": "channels/serial/client/serial_main.c",
"function": "serial_process_irp_create"
},
"deprecated": false,
"digest": {
"length": 1692.0,
"function_hash": "304102151263129069540267228403698347527"
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-57278865",
"signature_type": "Function",
"target": {
"file": "channels/parallel/client/parallel_main.c",
"function": "parallel_process_irp_create"
},
"deprecated": false,
"digest": {
"length": 829.0,
"function_hash": "185718742578135751307402451222750902370"
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/795842f4096501fcefc1a7f535ccc8132feb31d7"
},
{
"id": "CVE-2020-11089-7fe85985",
"signature_type": "Line",
"target": {
"file": "channels/serial/client/serial_main.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"98769278756238776536078320840216342092",
"183245812720416581529711557116114269753",
"67120496288551067093132047725179241035",
"273402597896540649174133910732792114611",
"113394543336155099344794028422714820277",
"307636514956299811041134406264063425200",
"121930518596938561061235946240608592491",
"13698904253202862151790106920185184326",
"164594022007258847313547463768346918395",
"205978457079927642020960361122092557216",
"211796366868617053326480245430037685394",
"84061247928281218839854077038590517206",
"89644016289826628543259226255984993615",
"99504305747373431725446188811824062141",
"43179065539563675371332795261880602242",
"157026042317182933286771737864037636450",
"84746897555734288524021079553554550244"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-806540fd",
"signature_type": "Function",
"target": {
"file": "libfreerdp/core/nego.c",
"function": "nego_recv"
},
"deprecated": false,
"digest": {
"length": 1254.0,
"function_hash": "239749094573503691850531923152587447937"
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-821354e1",
"signature_type": "Function",
"target": {
"file": "libfreerdp/core/nego.c",
"function": "nego_read_request"
},
"deprecated": false,
"digest": {
"length": 677.0,
"function_hash": "122085830081182966399704492235592157054"
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-87e00a9b",
"signature_type": "Line",
"target": {
"file": "channels/parallel/client/parallel_main.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"335818021313877805783612401933489204002",
"271738708438622537374050430810878319844",
"334288888559659528461198939475195205659",
"43298779902235354878683357298741985585",
"217770551868455229686952318117540305641",
"207297873691751824789662869920936170518",
"205692800609279204782634686947869504087",
"84019774511926025681526768821352608742",
"104276227438904461304870208891414007998"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/795842f4096501fcefc1a7f535ccc8132feb31d7"
},
{
"id": "CVE-2020-11089-9a7052cf",
"signature_type": "Function",
"target": {
"file": "libfreerdp/core/nego.c",
"function": "nego_process_negotiation_request"
},
"deprecated": false,
"digest": {
"length": 318.0,
"function_hash": "259758579525292746236530715614057006240"
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-9d4a3fae",
"signature_type": "Function",
"target": {
"file": "channels/rdpei/client/rdpei_main.c",
"function": "rdpei_recv_pdu"
},
"deprecated": false,
"digest": {
"length": 1044.0,
"function_hash": "19295001261553163107017141719726923702"
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-b67f74fd",
"signature_type": "Line",
"target": {
"file": "channels/rdpei/client/rdpei_main.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"137528816605353047031792828100277689046",
"211971427429379310324035460039505443696",
"337857198652842340445845881178414327586",
"240191023314061520237141810128116067912"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-cff04b13",
"signature_type": "Function",
"target": {
"file": "libfreerdp/core/nego.c",
"function": "nego_process_negotiation_response"
},
"deprecated": false,
"digest": {
"length": 370.0,
"function_hash": "3296183765728587478892840733992977114"
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
},
{
"id": "CVE-2020-11089-d68f482e",
"signature_type": "Line",
"target": {
"file": "channels/drive/client/drive_main.c"
},
"deprecated": false,
"digest": {
"line_hashes": [
"254259848037474723848258519602975954261",
"186490782120688978734355247511870866999",
"78208883365415143392379087882753762912",
"272639463329858195216969906102300564956",
"211796366868617053326480245430037685394",
"227071889569437569282477161411731735662",
"10104366509480178155325934551669839732",
"334496023875130275529104406043165050039",
"319520800469083545224233710984470052338",
"107411555030668755071287883768339786914",
"58193674063988434286125731545997761161",
"166405120946814927217036199935283344108"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16"
}
]
}