CVE-2020-11095

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-11095
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11095.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-11095
Downstream
Related
Published
2020-06-22T22:15:11Z
Modified
2025-10-21T05:20:44.813283Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Summary
[none]
Details

In FreeRDP before version 2.1.2, an out-of-bounds read occurs, resulting in access to a memory location outside the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.

References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
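Fixed
[none recorded in this range; the Details text above gives 2.1.2 as the fixed version, so a match on this range alone does not distinguish patched from unpatched builds]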
Affected versions

1.*

1.0-beta1
1.0-beta2
1.0-beta3
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9

2.*

2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "83661530759982272789217462015793004948",
                "104878762670831033221038354390862029992",
                "272791363284371295445272591884693975401",
                "59035219335736776498321796800408841562"
            ]
        },
        "target": {
            "file": "libfreerdp/core/orders.h"
        },
        "signature_version": "v1",
        "id": "CVE-2020-11095-01d412ed",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/733ee3208306b1ea32697b356c0215180fc3f049"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "9759038510914153151753686765191576263",
                "290154212763052016131990678920133275954",
                "249898937819111962917541175407661968503",
                "9480646981039770999629887452317917297",
                "334504280783061180027247104794539925430",
                "58022289259760113300482021178428663631",
                "235876622437882869915650874338137663887",
                "133660594172436699444737295962343827097",
                "166538765259880885522691248734548658942",
                "152291646746058793889267262004007075811",
                "172149259027087655330513228828854746412",
                "164189415258152970783584916209882081693",
                "235447140459646522187855208664465111056",
                "22122000450042738873007236164692226898",
                "206694047387587892450265805180409652752",
                "285267825885063871661252555139000069639",
                "186451396646150396976295856402944880976",
                "81266851703937408823435276374744354535",
                "311225725042471257454275561203978202577",
                "63966758279282169383689912452614345143",
                "115502546802478225862671080829981485011",
                "298893753226290350850240375580619916212",
                "292920811732494256497932986498392005822",
                "191518170265669174038079689101026416154",
                "166840725413501580278739390645942911216",
                "193584340490708272010340958548543601010",
                "231406475063650752961702704558912809580",
                "256983624576199715159359161785948366273",
                "93190132112039027567612199996226306320",
                "196867229223080109059412830222949908763",
                "187241487131371847673043198898093463543",
                "188063835210165077972796720861205759445",
                "320348616264852036458507898176811273998",
                "19053007537966158981504779920264158015",
                "203262827079066056084730114919551386491",
                "78344982513801114018445121427657684676",
                "140937005991472515683952357623857850985",
                "70369829736225306102093320579934457875",
                "137525204350763100379661508180913696802",
                "247324917332950350967570186226186885862"
            ]
        },
        "target": {
            "file": "libfreerdp/core/orders.c"
        },
        "signature_version": "v1",
        "id": "CVE-2020-11095-09f67a65",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/733ee3208306b1ea32697b356c0215180fc3f049"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "89453379062158814636837924878991058012",
            "length": 507.0
        },
        "target": {
            "file": "libfreerdp/core/update.c",
            "function": "update_write_order_info"
        },
        "signature_version": "v1",
        "id": "CVE-2020-11095-b493609d",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/733ee3208306b1ea32697b356c0215180fc3f049"
    },
    {
        "signature_type": "Line",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "114829444431920560345576120937813952411",
                "208571286661820508873851357782052137376",
                "81162141223216018511128831936303510464",
                "67815018825020280448445364143843638252",
                "324654615962338714444883474300906990083",
                "209402898838706323263609621266652449545",
                "298594240373064264627897670645252968065",
                "322233294610379819808384893239863844800"
            ]
        },
        "target": {
            "file": "libfreerdp/core/update.c"
        },
        "signature_version": "v1",
        "id": "CVE-2020-11095-b8aa165e",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/733ee3208306b1ea32697b356c0215180fc3f049"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "74082899412568118938237995509703980745",
            "length": 6647.0
        },
        "target": {
            "file": "libfreerdp/core/orders.c",
            "function": "update_recv_primary_order"
        },
        "signature_version": "v1",
        "id": "CVE-2020-11095-ed7a5b1e",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/733ee3208306b1ea32697b356c0215180fc3f049"
    },
    {
        "signature_type": "Function",
        "digest": {
            "function_hash": "48970460822276361034849254676751372629",
            "length": 348.0
        },
        "target": {
            "file": "libfreerdp/core/update.c",
            "function": "update_prepare_order_info"
        },
        "signature_version": "v1",
        "id": "CVE-2020-11095-ef3ef17a",
        "deprecated": false,
        "source": "https://github.com/freerdp/freerdp/commit/733ee3208306b1ea32697b356c0215180fc3f049"
    }
]