In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlmreadntlmv2client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0.
{
"unresolved_ranges": [
{
"source": "CPE_STRING",
"vendor_product": "debian:debian_linux",
"extracted_events": [
{
"introduced": "10.0"
},
{
"last_affected": "10.0"
}
],
"cpes": [
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"
]
},
{
"source": "CPE_STRING",
"vendor_product": "opensuse:leap",
"extracted_events": [
{
"introduced": "15.1"
},
{
"last_affected": "15.1"
}
],
"cpes": [
"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"
]
}
]
}{
"cpe": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*",
"source": [
"CPE_RANGE",
"REFERENCES"
],
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "2.1.0"
}
]
}"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11086.json"
[
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"211676456731767137019728773717396383906",
"142002718534890085186882303774041871813",
"326590373457921532474577125776340758673",
"92446602161392049848322987325756642675",
"244837119603015813013823863255436314461",
"88986712316767417463579653199593800425",
"205040071286649792016492765856929257982",
"322933729723612140702113726666585771660"
]
},
"source": "https://github.com/freerdp/freerdp/commit/c098f21fdaadca57ff649eee1674f6cc321a2ec4",
"deprecated": false,
"signature_type": "Line",
"id": "CVE-2020-11086-5849ac3d",
"signature_version": "v1",
"target": {
"file": "winpr/libwinpr/sspi/NTLM/ntlm_compute.c"
}
},
{
"digest": {
"length": 652.0,
"function_hash": "191925567384038713584274953095323463496"
},
"source": "https://github.com/freerdp/freerdp/commit/c098f21fdaadca57ff649eee1674f6cc321a2ec4",
"deprecated": false,
"signature_type": "Function",
"id": "CVE-2020-11086-a90348c5",
"signature_version": "v1",
"target": {
"file": "winpr/libwinpr/sspi/NTLM/ntlm_compute.c",
"function": "ntlm_read_ntlm_v2_client_challenge"
}
}
]
"2026-07-09T04:02:26Z"