CVE-2020-11097
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-11097
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11097.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-11097
- Downstream
- Related
- Published
- 2020-06-22T22:15:12Z
- Modified
- 2025-10-21T05:20:38.131026Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARYDRAWINGORDERFIELDBYTES. This is fixed in version 2.1.2.
- References
-
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
- http://www.freerdp.com/2020/06/22/2_1_2-released
- https://github.com/FreeRDP/FreeRDP/commit/58a3122250d54de3a944c487776bcd4d1da4721e
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
- https://usn.ubuntu.com/4481-1/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/
Affected packages
Git / github.com/freerdp/freerdp
Affected ranges
- Type
- GIT
- Repo
- https://github.com/freerdp/freerdp
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0-beta1
1.0-beta2
1.0-beta3
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9
2.*
2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-11097-212ea6e0",
"source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
"digest": {
"function_hash": "57488475844778396462460790092864555790",
"length": 237.0
},
"signature_type": "Function",
"target": {
"function": "ntlm_av_pair_add_copy",
"file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-11097-272bcffb",
"source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
"digest": {
"line_hashes": [
"281199093337488200191958111791756366853",
"86361152385755966826729106938199490232",
"301258790964740342752047417413381409325",
"64871899050614241632329072053632383438",
"171629921269689412698261980165533363166",
"280985466425593815851120201738318197848",
"215031949970783615435428995198206216453",
"286438992864848406489036145044154905334",
"113752148089474114952837197080630701144",
"261104035268028934009696214851412871679",
"98989221216521820866967581278618381482",
"337742880902647651629047093659632208933",
"3334756412236517589181867201979733455",
"103245678047144842394138995286077424134",
"5166378531987869140672072634351512732",
"249200620952908277699102100906082171268",
"115587606294612258886551207392690826315",
"36484635899830625272804187925422326882",
"188107224532099152941644997882149622203",
"180995325117604890745894139970635283717",
"436036971502398700086804216155473821",
"13529482424500140519531356944398575912",
"136417555553341533743111632568764786077",
"239445366359930780630590472806495990522",
"132711345408900996857392493114575091850",
"295114563189248967616603163122388961511",
"242173724222210736403411708683860662329",
"330855163572209597226193036534035120791",
"91374909195604381407826664147616620024",
"96083745236847862914030290942849033056",
"22209690621860503893893589792044144381",
"57244532241024405700955981970156616836",
"57101202039700414667920455083041397523",
"313012558092589049358220648949321429457",
"245617393233253849284754177811591500060",
"69418438796879696461326147429630176135",
"150329480413620240615249325058868698542",
"115366925041650720317956991863994919354",
"271022599464925284833260632313878238678",
"313539118943810949408059871957705625692",
"337682998172270753137155573263664761500",
"136403229665872719211530308254949039834",
"192915648604426182295163500785957816589",
"71241307273316452603812038843946428292",
"6774316596784631972329756482198279032",
"107836011117986293807400463457708225656",
"55819068125011700510501495665340032292",
"201806937536850179500748766512066582561",
"61340727451805348634457892027747916553",
"206448064473308206000361481115046595942",
"253106058364440878946468316007062645472",
"149556273958818351783449250945774504637",
"163346887054405021868980364527044038797",
"281859025270304923139001026590981219081",
"111023201722658384554392286046801719828",
"208043048851928609541199680414385351849",
"194314692853375298167416266599964257412",
"330855163572209597226193036534035120791",
"133343078431817319198405452851395702822",
"92051402708876702855213372929775476882",
"20262677845246949811982578871421752273",
"30294040465972978337665516207326600302",
"100596151595386892808686808876444322873",
"218380447903229931902041113406121401348",
"79432236620937571761573377056172891904",
"5833464350851945518932825287130234697",
"165406605710286884109355416855268162045",
"316748516904409782601425098032849292255",
"325598333547243503755203230585074483313",
"232014736034377139483828393234310555034",
"47297651524244483785701207195065630951",
"125950940752756859446411444416177807277",
"66067983669307139571201381189351074732",
"262687917827257726382326812727132182398",
"151264887144978549018035186497608873800",
"245158052017045770391939370792141102474",
"202701610286915524349915576408099196539",
"290948123518871606490567816206993941126",
"212931074934022063009393948878372429454",
"42619806236160354111725301116625869093",
"15983919559890403491364002881865209377",
"28762489451009499044273910584057284010",
"197281290636470483770762266484523134261",
"151802289544448969219420074066886837252",
"274621551085559560253152700213456124964",
"98894975566764290785317935575630181502",
"253891738001197617345319286635477158345",
"10275772404493237892076057494046037714",
"323593557470075104773257748948920174739",
"286218120647365853809383241850110654331",
"271616553223947234689370643273736070232",
"204959245956919500000557698352923497727",
"79178136270752290869437934709439845435",
"35763561069686551401812316540218716048",
"155407727302030891086310250795867591593",
"6566944372441949601433236734745800993",
"216718548087427806829336023945031982278",
"264280864178669558664264134680070434906",
"24769221346687678975047931475780768468"
],
"threshold": 0.9
},
"signature_type": "Line",
"target": {
"file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-11097-2f586647",
"source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
"digest": {
"function_hash": "175833565996496883529938700350850501450",
"length": 110.0
},
"signature_type": "Function",
"target": {
"function": "ntlm_av_pair_get_id",
"file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-11097-30d7ee78",
"source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
"digest": {
"function_hash": "108927781308684179934043214772713380729",
"length": 2948.0
},
"signature_type": "Function",
"target": {
"function": "ntlm_construct_authenticate_target_info",
"file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-11097-57e5e340",
"source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
"digest": {
"function_hash": "209799115003739236552117946340401257257",
"length": 152.0
},
"signature_type": "Function",
"target": {
"function": "ntlm_av_pair_check",
"file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-11097-79a17c93",
"source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
"digest": {
"function_hash": "90441895559154137032814721709891955161",
"length": 245.0
},
"signature_type": "Function",
"target": {
"function": "ntlm_av_pair_next",
"file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-11097-8ea28a20",
"source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
"digest": {
"function_hash": "215958110980277934940452342873429714093",
"length": 90.0
},
"signature_type": "Function",
"target": {
"function": "ntlm_av_pair_get_next_offset",
"file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-11097-ad3e0a61",
"source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
"digest": {
"function_hash": "175833565996496883529938700350850501450",
"length": 110.0
},
"signature_type": "Function",
"target": {
"function": "ntlm_av_pair_get_len",
"file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-11097-dbb633d7",
"source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
"digest": {
"function_hash": "292406813035899045056174170143961825560",
"length": 392.0
},
"signature_type": "Function",
"target": {
"function": "ntlm_av_pair_get",
"file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"
}
},
{
"signature_version": "v1",
"deprecated": false,
"id": "CVE-2020-11097-fd509f40",
"source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
"digest": {
"function_hash": "227746966553372040698528109906061538220",
"length": 461.0
},
"signature_type": "Function",
"target": {
"function": "ntlm_print_av_pair_list",
"file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"
}
}
]