In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallelprocessirpcreate, serialprocessirpcreate, driveprocessirpwrite, printerprocessirpwrite, rdpeirecvpdu, serialprocessirp_write). This has been fixed in 2.1.0.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "47682832684198812535667895008735051541", "329552042913401938865707288999873234746", "930439872512316751516383828334976878", "26091991109583841803314384152297586768", "299292564510698175867276885398678562326", "241749646719451547488610374775409254896", "294327463423089681940164168682481456757", "322907985629569843240394471546899077846", "336847757345621179340296985878347175183", "218126538980390607293881652827771128597", "76071117591087293620489137635026595567", "330938271773920826734910481192451781418", "54075286374885170192208151027964610117", "128512718491816519070388955974583561644", "97476938166461584995257489635571313004", "69650073998873126254274997856024947995", "49838950029681009620910454863733784285", "238577141658327151321157144848318363002", "241348821447861862379440493207956371277", "293237360208347045011678652306237691917", "123551520017334226890806143860114884254", "133176205599561659603229720622251632280", "73485317294602196665807696639654023690", "36016045286623187122379572824704759854", "168196153284915670850995450568487048596", "176932113594738744682534318352572731448", "260303636416312116505303745146157375083", "207513571597720327115626011537603350399", "35419427559980191857476680430444122538", "312373761488449795469181440369359549329", "172592708265257221934367371867178733490", "279517103367330120949575021484921576336", "133678349915504695670877688933244288157", "200834550804741936409841214929055801270", "155546556517301051830877527624413756707", "141128984606036406165265486438239712782", "261370193974837106711005435480004942916", "51062649230442870012544389102770946952", "140445976682199001424220954396434467545", "221943250997332153717399969974256165632", "155593081288301040101637362768990668991", "57408345893946500497403352769925887625", "299767296294871038643662865942990705665", "305878896650781826346594859020915677879", "5511487042716807519408301031039453758", "128497785989538935288629762483471026998", "272560598350872823095170449897497393747", "115753685338699673344312975166427721674", "35935907458150937933951973349206662501", "131369208167891890328128837993505129376", "340225552457222904994083945190375223060", "76866275770673254433002441682005870388" ] }, "target": { "file": "libfreerdp/core/nego.c" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-09c87033", "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "156191897061326817801756797554310939161", "69202850191743795323812716489641307068", "241734200383689916236616942549820929044", "203198180072417212398789727692067536580", "50731838928478701012284877735540706286", "273289622465782838860920342825812130962", "42457190816446551026411359597109275836", "184293425548401653999793529929297255369", "55596328388044550394840242716346259941", "339677139512418473567910263513268740125", "236620841338872489092816517782889830102" ] }, "target": { "file": "channels/printer/client/printer_main.c" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-110a36bf", "signature_type": "Line" }, { "digest": { "length": 637.0, "function_hash": "170904362941683876850250272884163930269" }, "target": { "file": "libfreerdp/core/gateway/rdg.c", "function": "rdg_receive_packet" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-1257ae6d", "signature_type": "Function" }, { "digest": { "length": 846.0, "function_hash": "66182606997078510499329383709595456599" }, "target": { "file": "channels/drive/client/drive_main.c", "function": "drive_process_irp_write" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-13e93173", "signature_type": "Function" }, { "digest": { "length": 881.0, "function_hash": "273766576681943732645995567198832966631" }, "target": { "file": "libfreerdp/core/nego.c", "function": "nego_process_negotiation_failure" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-1f67f733", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "19663561899403946228245505389369135126", "84613089039294007122705094702337858821", "236536387187104095131604389354134300737", "310447094989968868756145039027559073971" ] }, "target": { "file": "libfreerdp/core/gateway/rdg.c" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-21faa3df", "signature_type": "Line" }, { "digest": { "length": 925.0, "function_hash": "159554988916040832927359640324362947673" }, "target": { "file": "channels/serial/client/serial_main.c", "function": "serial_process_irp_write" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-3854cfb2", "signature_type": "Function" }, { "digest": { "length": 699.0, "function_hash": "317052502213757784783918402494535044909" }, "target": { "file": "channels/printer/client/printer_main.c", "function": "printer_process_irp_write" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-401c7dfe", "signature_type": "Function" }, { "digest": { "length": 1692.0, "function_hash": "304102151263129069540267228403698347527" }, "target": { "file": "channels/serial/client/serial_main.c", "function": "serial_process_irp_create" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-41aa676b", "signature_type": "Function" }, { "digest": { "length": 829.0, "function_hash": "185718742578135751307402451222750902370" }, "target": { "file": "channels/parallel/client/parallel_main.c", "function": "parallel_process_irp_create" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/795842f4096501fcefc1a7f535ccc8132feb31d7", "signature_version": "v1", "id": "CVE-2020-11089-57278865", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "98769278756238776536078320840216342092", "183245812720416581529711557116114269753", "67120496288551067093132047725179241035", "273402597896540649174133910732792114611", "113394543336155099344794028422714820277", "307636514956299811041134406264063425200", "121930518596938561061235946240608592491", "13698904253202862151790106920185184326", "164594022007258847313547463768346918395", "205978457079927642020960361122092557216", "211796366868617053326480245430037685394", "84061247928281218839854077038590517206", "89644016289826628543259226255984993615", "99504305747373431725446188811824062141", "43179065539563675371332795261880602242", "157026042317182933286771737864037636450", "84746897555734288524021079553554550244" ] }, "target": { "file": "channels/serial/client/serial_main.c" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-7fe85985", "signature_type": "Line" }, { "digest": { "length": 1254.0, "function_hash": "239749094573503691850531923152587447937" }, "target": { "file": "libfreerdp/core/nego.c", "function": "nego_recv" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-806540fd", "signature_type": "Function" }, { "digest": { "length": 677.0, "function_hash": "122085830081182966399704492235592157054" }, "target": { "file": "libfreerdp/core/nego.c", "function": "nego_read_request" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-821354e1", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "335818021313877805783612401933489204002", "271738708438622537374050430810878319844", "334288888559659528461198939475195205659", "43298779902235354878683357298741985585", "217770551868455229686952318117540305641", "207297873691751824789662869920936170518", "205692800609279204782634686947869504087", "84019774511926025681526768821352608742", "104276227438904461304870208891414007998" ] }, "target": { "file": "channels/parallel/client/parallel_main.c" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/795842f4096501fcefc1a7f535ccc8132feb31d7", "signature_version": "v1", "id": "CVE-2020-11089-87e00a9b", "signature_type": "Line" }, { "digest": { "length": 318.0, "function_hash": "259758579525292746236530715614057006240" }, "target": { "file": "libfreerdp/core/nego.c", "function": "nego_process_negotiation_request" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-9a7052cf", "signature_type": "Function" }, { "digest": { "length": 1044.0, "function_hash": "19295001261553163107017141719726923702" }, "target": { "file": "channels/rdpei/client/rdpei_main.c", "function": "rdpei_recv_pdu" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-9d4a3fae", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "137528816605353047031792828100277689046", "211971427429379310324035460039505443696", "337857198652842340445845881178414327586", "240191023314061520237141810128116067912" ] }, "target": { "file": "channels/rdpei/client/rdpei_main.c" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-b67f74fd", "signature_type": "Line" }, { "digest": { "length": 370.0, "function_hash": "3296183765728587478892840733992977114" }, "target": { "file": "libfreerdp/core/nego.c", "function": "nego_process_negotiation_response" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-cff04b13", "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "254259848037474723848258519602975954261", "186490782120688978734355247511870866999", "78208883365415143392379087882753762912", "272639463329858195216969906102300564956", "211796366868617053326480245430037685394", "227071889569437569282477161411731735662", "10104366509480178155325934551669839732", "334496023875130275529104406043165050039", "319520800469083545224233710984470052338", "107411555030668755071287883768339786914", "58193674063988434286125731545997761161", "166405120946814927217036199935283344108" ] }, "target": { "file": "channels/drive/client/drive_main.c" }, "deprecated": false, "source": "https://github.com/freerdp/freerdp/commit/6b485b146a1b9d6ce72dfd7b5f36456c166e7a16", "signature_version": "v1", "id": "CVE-2020-11089-d68f482e", "signature_type": "Line" } ] }