CVE-2020-11096

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-11096
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11096.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-11096
Downstream
Related
Published
2020-06-22T22:15:12Z
Modified
2025-10-15T11:28:20.916442Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
Summary
[none]
Details

In FreeRDP before version 2.1.2, there is a global out-of-bounds (OOB) read in `update_read_cache_bitmap_v3_order`. As a workaround, the bitmap cache can be disabled with `-bitmap-cache` (the default). This is fixed in version 2.1.2.

References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0-beta1
1.0-beta2
1.0-beta3
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9

2.*

2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4

Database specific

vanir_signatures

[
    {
        "signature_type": "Function",
        "target": {
            "function": "update_write_cache_bitmap_v2_order",
            "file": "libfreerdp/core/orders.c"
        },
        "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
        "deprecated": false,
        "id": "CVE-2020-11096-0bbf500d",
        "signature_version": "v1",
        "digest": {
            "length": 1555.0,
            "function_hash": "11067355563640232952833483671773808771"
        }
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "libfreerdp/core/orders.c"
        },
        "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
        "deprecated": false,
        "id": "CVE-2020-11096-0e132c40",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "59944795111450777379309692812485208066",
                "194382804018296313270549219936072872849",
                "120355910534221810669931434878507561494",
                "91250727350712457263750453685681428889",
                "46333913065121926996325102521055730193",
                "304727245072926153052182169102668129452",
                "52814080547308666971950060447690470421",
                "11368543818720392629301783249152163503",
                "91491093368311482739377289052397189921",
                "186015203565991729397888441438137319786",
                "86901620814772101926618798011162050913",
                "88391112643039740123474136411756855790",
                "198992211928506409194156029307362571161",
                "336269731103404507570205482597550475262",
                "214981160043047597676883633205070110565",
                "175082398703257763288751504231723022282",
                "291443493209747519479689742312044824920",
                "201145260328871176723628270440441412456",
                "62639688196519534269527813354138335198",
                "173917952685437861191995553557851105960",
                "41765353119044341249885127936944646642",
                "148755739059555586494472809062315356701",
                "107420166946612725405069047414824642909",
                "201145260328871176723628270440441412456",
                "16554081692590270020888743927173158583",
                "128054283928092324632091490522415253445",
                "202634512015619441407256508814499123373",
                "19611361314979079022682643740124277819",
                "54926316104049900301428751364614658477",
                "83248876230214057726405852329738607163",
                "10763461159671309723884436098123099149",
                "106664886848032322667477092481701419528",
                "56777863932163599429903580491758466128",
                "194612464027064548445946208881322172317",
                "296923997582979846888386842926620817674",
                "246166631946007796399491422259975478059",
                "226475640028902727553031741259947873569",
                "99931096479708770409730799839191126952",
                "303097824920444287025906419301311384868",
                "19270196511300106356561585137334778691",
                "272990739740129796814455903342331637265",
                "284004480395281651057602369734597621262",
                "279488399871341780767630042824539563851",
                "105524741612254325560189409054785986634",
                "311680883616286540085659540253567320438",
                "134411874286276313658417076468510340753",
                "206417574321251603815660951434830181608",
                "282092525481318611928305456444422576671",
                "200347399248387250992433017918389292717",
                "306181039589927978914671396159071482688",
                "281298154493493592651325939548195564080",
                "183765251812367028674696622907432926311",
                "174366372506024482165426743217654905317",
                "268421256423905172836404987100496416698",
                "238498509285055693244950048260686200107",
                "190708956828862552681886089399507029590",
                "273825447647740730015864697523663146601",
                "198245226796875199688109776470663907780",
                "207584466892824202616477205488523565098",
                "314450918160418902194862996014474902812",
                "109697898632922543892673512742112006785",
                "29153593042648430864359310198466891878",
                "174220318100395404162180265848663870759",
                "123234841809440906180460849230475989918",
                "132700983384943108683829122450124557168",
                "284808721133915451425411425903547959655",
                "165460688649100947547451124923206422840",
                "131430385673023766819071725310602496062",
                "314450918160418902194862996014474902812",
                "169282662770393285080061298362143895564",
                "150484476347020296944924767172004149049",
                "203754862796266873091995632021685702820",
                "327792952000939284125457743899384644544",
                "132204508285714337254413315610795515327",
                "288260653148236796669089429330469073871",
                "41280948124974086970516799963061583787"
            ],
            "threshold": 0.9
        }
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "update_write_brush",
            "file": "libfreerdp/core/orders.c"
        },
        "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
        "deprecated": false,
        "id": "CVE-2020-11096-27dbd875",
        "signature_version": "v1",
        "digest": {
            "length": 955.0,
            "function_hash": "293579969671240941682625953157135013268"
        }
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "update_read_cache_brush_order",
            "file": "libfreerdp/core/orders.c"
        },
        "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
        "deprecated": false,
        "id": "CVE-2020-11096-347a205a",
        "signature_version": "v1",
        "digest": {
            "length": 1470.0,
            "function_hash": "146141612043498727245554571307885332041"
        }
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "update_read_brush",
            "file": "libfreerdp/core/orders.c"
        },
        "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
        "deprecated": false,
        "id": "CVE-2020-11096-4ef6a152",
        "signature_version": "v1",
        "digest": {
            "length": 1180.0,
            "function_hash": "9218861704481100289841591108726406376"
        }
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "update_read_cache_bitmap_v3_order",
            "file": "libfreerdp/core/orders.c"
        },
        "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
        "deprecated": false,
        "id": "CVE-2020-11096-98122ff2",
        "signature_version": "v1",
        "digest": {
            "length": 1247.0,
            "function_hash": "112825482862667484235312482191764064113"
        }
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "update_write_cache_brush_order",
            "file": "libfreerdp/core/orders.c"
        },
        "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
        "deprecated": false,
        "id": "CVE-2020-11096-a682f1be",
        "signature_version": "v1",
        "digest": {
            "length": 1226.0,
            "function_hash": "192093465913594974919924724589954481139"
        }
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "update_write_cache_bitmap_v3_order",
            "file": "libfreerdp/core/orders.c"
        },
        "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
        "deprecated": false,
        "id": "CVE-2020-11096-c09f48f7",
        "signature_version": "v1",
        "digest": {
            "length": 759.0,
            "function_hash": "274177874706797067372169475604797833661"
        }
    },
    {
        "signature_type": "Function",
        "target": {
            "function": "update_read_cache_bitmap_v2_order",
            "file": "libfreerdp/core/orders.c"
        },
        "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
        "deprecated": false,
        "id": "CVE-2020-11096-f01fd699",
        "signature_version": "v1",
        "digest": {
            "length": 1794.0,
            "function_hash": "110750369465455098698473796720306016477"
        }
    }
]