CVE-2020-11048

Source
https://cve.org/CVERecord?id=CVE-2020-11048
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11048.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-11048
Downstream
Related
Published
2020-05-07T20:15:12.190Z
Modified
2026-04-16T00:07:16.955088605Z
Severity
  • 2.2 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

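In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. The impact is limited to availability: it only allows a session to be aborted, and no data extraction is possible. This has been fixed in 2.0.0. The 2.0.0 beta and release-candidate builds listed under "Affected versions" predate the 2.0.0 release and are therefore still affected. The signatures in this record target `rdp_read_share_control_header` and `rdp_read_flow_control_pdu` in `libfreerdp/core/rdp.c`.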

Database specific
{
    "unresolved_ranges": [
        {
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "16.04"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "18.04"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "19.10"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "20.04"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "10.0"
                }
            ],
            "source": "CPE_FIELD"
        },
        {
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "source": "CPE_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Database specific
{
    "cpe": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "1.0.0"
        },
        {
            "fixed": "2.0.0"
        }
    ],
    "source": [
        "CPE_FIELD",
        "REFERENCES"
    ]
}

Affected versions

1.*
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9
2.*
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4

Database specific

vanir_signatures
[
    {
        "id": "CVE-2020-11048-4f9ac9d6",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "207429656706164102241487631562483150029",
                "160855080664251780381481586080853864901",
                "154885552725460857237536460462182944693",
                "137057464677447681206941812240827118785",
                "32295946583092472538359192469478828536",
                "321372003978442485465940049287753759811",
                "216921153728238413575242304750854591780",
                "38875084919739579481613197757861568556",
                "118561823448347427604167643302528317857",
                "292472648421618007499905275026224403579",
                "317732064566241796915465113736984441406",
                "98157166811211554842277494294033859482",
                "47941600866532899626019413840293649997",
                "62939521881066200903176165356806219545",
                "27153392002938309650351908206670068486",
                "283916547381700756117322821801398420653",
                "209164361606408300950742918944485243074",
                "57575724307848464601797478208096395553",
                "338337927889444028183686346156617123270",
                "311237343593635781337249021078482090784",
                "40462881911335299008014078733993203247",
                "68994376286147872910360229220873259454",
                "282421208566998820852813773342451338942",
                "210270803240117053624892680821376108836",
                "307702040889948171696836427772694830619",
                "13203243765912103200161466416761043701",
                "311187427636141256049992373679639626920",
                "65135545341835649320137112016788135621",
                "154732157098890341529156619661194609155",
                "73836614939723900056058415358720293146",
                "292666546406820945978137218300693290034",
                "280142105074687418923488907376707508658",
                "19762445729772959933679794093234719576",
                "166754698775780058285793362753199756442",
                "268535692083178538713232645312179518176"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "libfreerdp/core/rdp.c"
        },
        "deprecated": false,
        "signature_version": "v1",
        "source": "https://github.com/freerdp/freerdp/commit/9301bfe730c66180263248b74353daa99f5a969b"
    },
    {
        "id": "CVE-2020-11048-c50e58a0",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/9301bfe730c66180263248b74353daa99f5a969b",
        "target": {
            "file": "libfreerdp/core/rdp.c",
            "function": "rdp_read_share_control_header"
        },
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "140329716457334555727175628405082761095",
            "length": 461.0
        }
    },
    {
        "id": "CVE-2020-11048-c72a53b9",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/9301bfe730c66180263248b74353daa99f5a969b",
        "target": {
            "file": "libfreerdp/core/rdp.c",
            "function": "rdp_read_flow_control_pdu"
        },
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "322073029365240409201041536492797667931",
            "length": 191.0
        }
    }
]
vanir_signatures_modified
"2026-04-11T22:57:00Z"
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11048.json"