In FreeRDP before version 2.1.2, an out of bound reads occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARYDRAWINGORDERFIELDBYTES. This is fixed in version 2.1.2.
{ "vanir_signatures": [ { "source": "https://github.com/freerdp/freerdp/commit/733ee3208306b1ea32697b356c0215180fc3f049", "signature_version": "v1", "signature_type": "Line", "deprecated": false, "target": { "file": "libfreerdp/core/orders.h" }, "digest": { "line_hashes": [ "83661530759982272789217462015793004948", "104878762670831033221038354390862029992", "272791363284371295445272591884693975401", "59035219335736776498321796800408841562" ], "threshold": 0.9 }, "id": "CVE-2020-11095-01d412ed" }, { "source": "https://github.com/freerdp/freerdp/commit/733ee3208306b1ea32697b356c0215180fc3f049", "signature_version": "v1", "signature_type": "Line", "deprecated": false, "target": { "file": "libfreerdp/core/orders.c" }, "digest": { "line_hashes": [ "9759038510914153151753686765191576263", "290154212763052016131990678920133275954", "249898937819111962917541175407661968503", "9480646981039770999629887452317917297", "334504280783061180027247104794539925430", "58022289259760113300482021178428663631", "235876622437882869915650874338137663887", "133660594172436699444737295962343827097", "166538765259880885522691248734548658942", "152291646746058793889267262004007075811", "172149259027087655330513228828854746412", "164189415258152970783584916209882081693", "235447140459646522187855208664465111056", "22122000450042738873007236164692226898", "206694047387587892450265805180409652752", "285267825885063871661252555139000069639", "186451396646150396976295856402944880976", "81266851703937408823435276374744354535", "311225725042471257454275561203978202577", "63966758279282169383689912452614345143", "115502546802478225862671080829981485011", "298893753226290350850240375580619916212", "292920811732494256497932986498392005822", "191518170265669174038079689101026416154", "166840725413501580278739390645942911216", "193584340490708272010340958548543601010", "231406475063650752961702704558912809580", "256983624576199715159359161785948366273", "93190132112039027567612199996226306320", "196867229223080109059412830222949908763", "187241487131371847673043198898093463543", "188063835210165077972796720861205759445", "320348616264852036458507898176811273998", "19053007537966158981504779920264158015", "203262827079066056084730114919551386491", "78344982513801114018445121427657684676", "140937005991472515683952357623857850985", "70369829736225306102093320579934457875", "137525204350763100379661508180913696802", "247324917332950350967570186226186885862" ], "threshold": 0.9 }, "id": "CVE-2020-11095-09f67a65" }, { "source": "https://github.com/freerdp/freerdp/commit/733ee3208306b1ea32697b356c0215180fc3f049", "signature_version": "v1", "signature_type": "Function", "deprecated": false, "target": { "file": "libfreerdp/core/update.c", "function": "update_write_order_info" }, "digest": { "function_hash": "89453379062158814636837924878991058012", "length": 507.0 }, "id": "CVE-2020-11095-b493609d" }, { "source": "https://github.com/freerdp/freerdp/commit/733ee3208306b1ea32697b356c0215180fc3f049", "signature_version": "v1", "signature_type": "Line", "deprecated": false, "target": { "file": "libfreerdp/core/update.c" }, "digest": { "line_hashes": [ "114829444431920560345576120937813952411", "208571286661820508873851357782052137376", "81162141223216018511128831936303510464", "67815018825020280448445364143843638252", "324654615962338714444883474300906990083", "209402898838706323263609621266652449545", "298594240373064264627897670645252968065", "322233294610379819808384893239863844800" ], "threshold": 0.9 }, "id": "CVE-2020-11095-b8aa165e" }, { "source": "https://github.com/freerdp/freerdp/commit/733ee3208306b1ea32697b356c0215180fc3f049", "signature_version": "v1", "signature_type": "Function", "deprecated": false, "target": { "file": "libfreerdp/core/orders.c", "function": "update_recv_primary_order" }, "digest": { "function_hash": "74082899412568118938237995509703980745", "length": 6647.0 }, "id": "CVE-2020-11095-ed7a5b1e" }, { "source": "https://github.com/freerdp/freerdp/commit/733ee3208306b1ea32697b356c0215180fc3f049", "signature_version": "v1", "signature_type": "Function", "deprecated": false, "target": { "file": "libfreerdp/core/update.c", "function": "update_prepare_order_info" }, "digest": { "function_hash": "48970460822276361034849254676751372629", "length": 348.0 }, "id": "CVE-2020-11095-ef3ef17a" } ] }