CVE-2020-11048

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-11048
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11048.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-11048
Downstream
Related
Published
2020-05-07T20:15:12Z
Modified
2025-09-19T11:35:51.805467Z
Severity
  • 2.2 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.

References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9301bfe730c66180263248b74353daa99f5a969b

Affected versions

1.*

1.0-beta1
1.0-beta2
1.0-beta3
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9

2.*

2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "207429656706164102241487631562483150029",
                    "160855080664251780381481586080853864901",
                    "154885552725460857237536460462182944693",
                    "137057464677447681206941812240827118785",
                    "32295946583092472538359192469478828536",
                    "321372003978442485465940049287753759811",
                    "216921153728238413575242304750854591780",
                    "38875084919739579481613197757861568556",
                    "118561823448347427604167643302528317857",
                    "292472648421618007499905275026224403579",
                    "317732064566241796915465113736984441406",
                    "98157166811211554842277494294033859482",
                    "47941600866532899626019413840293649997",
                    "62939521881066200903176165356806219545",
                    "27153392002938309650351908206670068486",
                    "283916547381700756117322821801398420653",
                    "209164361606408300950742918944485243074",
                    "57575724307848464601797478208096395553",
                    "338337927889444028183686346156617123270",
                    "311237343593635781337249021078482090784",
                    "40462881911335299008014078733993203247",
                    "68994376286147872910360229220873259454",
                    "282421208566998820852813773342451338942",
                    "210270803240117053624892680821376108836",
                    "307702040889948171696836427772694830619",
                    "13203243765912103200161466416761043701",
                    "311187427636141256049992373679639626920",
                    "65135545341835649320137112016788135621",
                    "154732157098890341529156619661194609155",
                    "73836614939723900056058415358720293146",
                    "292666546406820945978137218300693290034",
                    "280142105074687418923488907376707508658",
                    "19762445729772959933679794093234719576",
                    "166754698775780058285793362753199756442",
                    "268535692083178538713232645312179518176"
                ]
            },
            "id": "CVE-2020-11048-4f9ac9d6",
            "source": "https://github.com/freerdp/freerdp/commit/9301bfe730c66180263248b74353daa99f5a969b",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "libfreerdp/core/rdp.c"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "140329716457334555727175628405082761095",
                "length": 461.0
            },
            "id": "CVE-2020-11048-c50e58a0",
            "source": "https://github.com/freerdp/freerdp/commit/9301bfe730c66180263248b74353daa99f5a969b",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "libfreerdp/core/rdp.c",
                "function": "rdp_read_share_control_header"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "322073029365240409201041536492797667931",
                "length": 191.0
            },
            "id": "CVE-2020-11048-c72a53b9",
            "source": "https://github.com/freerdp/freerdp/commit/9301bfe730c66180263248b74353daa99f5a969b",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "libfreerdp/core/rdp.c",
                "function": "rdp_read_flow_control_pdu"
            },
            "deprecated": false
        }
    ]
}