In FreeRDP before version 2.1.2, there is a global OOB read in updatereadcachebitmapv3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2.
{ "vanir_signatures": [ { "signature_type": "Function", "digest": { "length": 1555.0, "function_hash": "11067355563640232952833483671773808771" }, "deprecated": false, "id": "CVE-2020-11096-0bbf500d", "target": { "function": "update_write_cache_bitmap_v2_order", "file": "libfreerdp/core/orders.c" }, "signature_version": "v1", "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0" }, { "signature_type": "Line", "digest": { "threshold": 0.9, "line_hashes": [ "59944795111450777379309692812485208066", "194382804018296313270549219936072872849", "120355910534221810669931434878507561494", "91250727350712457263750453685681428889", "46333913065121926996325102521055730193", "304727245072926153052182169102668129452", "52814080547308666971950060447690470421", "11368543818720392629301783249152163503", "91491093368311482739377289052397189921", "186015203565991729397888441438137319786", "86901620814772101926618798011162050913", "88391112643039740123474136411756855790", "198992211928506409194156029307362571161", "336269731103404507570205482597550475262", "214981160043047597676883633205070110565", "175082398703257763288751504231723022282", "291443493209747519479689742312044824920", "201145260328871176723628270440441412456", "62639688196519534269527813354138335198", "173917952685437861191995553557851105960", "41765353119044341249885127936944646642", "148755739059555586494472809062315356701", "107420166946612725405069047414824642909", "201145260328871176723628270440441412456", "16554081692590270020888743927173158583", "128054283928092324632091490522415253445", "202634512015619441407256508814499123373", "19611361314979079022682643740124277819", "54926316104049900301428751364614658477", "83248876230214057726405852329738607163", "10763461159671309723884436098123099149", "106664886848032322667477092481701419528", "56777863932163599429903580491758466128", "194612464027064548445946208881322172317", "296923997582979846888386842926620817674", "246166631946007796399491422259975478059", "226475640028902727553031741259947873569", "99931096479708770409730799839191126952", "303097824920444287025906419301311384868", "19270196511300106356561585137334778691", "272990739740129796814455903342331637265", "284004480395281651057602369734597621262", "279488399871341780767630042824539563851", "105524741612254325560189409054785986634", "311680883616286540085659540253567320438", "134411874286276313658417076468510340753", "206417574321251603815660951434830181608", "282092525481318611928305456444422576671", "200347399248387250992433017918389292717", "306181039589927978914671396159071482688", "281298154493493592651325939548195564080", "183765251812367028674696622907432926311", "174366372506024482165426743217654905317", "268421256423905172836404987100496416698", "238498509285055693244950048260686200107", "190708956828862552681886089399507029590", "273825447647740730015864697523663146601", "198245226796875199688109776470663907780", "207584466892824202616477205488523565098", "314450918160418902194862996014474902812", "109697898632922543892673512742112006785", "29153593042648430864359310198466891878", "174220318100395404162180265848663870759", "123234841809440906180460849230475989918", "132700983384943108683829122450124557168", "284808721133915451425411425903547959655", "165460688649100947547451124923206422840", "131430385673023766819071725310602496062", "314450918160418902194862996014474902812", "169282662770393285080061298362143895564", "150484476347020296944924767172004149049", "203754862796266873091995632021685702820", "327792952000939284125457743899384644544", "132204508285714337254413315610795515327", "288260653148236796669089429330469073871", "41280948124974086970516799963061583787" ] }, "deprecated": false, "id": "CVE-2020-11096-0e132c40", "target": { "file": "libfreerdp/core/orders.c" }, "signature_version": "v1", "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0" }, { "signature_type": "Function", "digest": { "length": 955.0, "function_hash": "293579969671240941682625953157135013268" }, "deprecated": false, "id": "CVE-2020-11096-27dbd875", "target": { "function": "update_write_brush", "file": "libfreerdp/core/orders.c" }, "signature_version": "v1", "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0" }, { "signature_type": "Function", "digest": { "length": 1470.0, "function_hash": "146141612043498727245554571307885332041" }, "deprecated": false, "id": "CVE-2020-11096-347a205a", "target": { "function": "update_read_cache_brush_order", "file": "libfreerdp/core/orders.c" }, "signature_version": "v1", "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0" }, { "signature_type": "Function", "digest": { "length": 1180.0, "function_hash": "9218861704481100289841591108726406376" }, "deprecated": false, "id": "CVE-2020-11096-4ef6a152", "target": { "function": "update_read_brush", "file": "libfreerdp/core/orders.c" }, "signature_version": "v1", "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0" }, { "signature_type": "Function", "digest": { "length": 1247.0, "function_hash": "112825482862667484235312482191764064113" }, "deprecated": false, "id": "CVE-2020-11096-98122ff2", "target": { "function": "update_read_cache_bitmap_v3_order", "file": "libfreerdp/core/orders.c" }, "signature_version": "v1", "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0" }, { "signature_type": "Function", "digest": { "length": 1226.0, "function_hash": "192093465913594974919924724589954481139" }, "deprecated": false, "id": "CVE-2020-11096-a682f1be", "target": { "function": "update_write_cache_brush_order", "file": "libfreerdp/core/orders.c" }, "signature_version": "v1", "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0" }, { "signature_type": "Function", "digest": { "length": 759.0, "function_hash": "274177874706797067372169475604797833661" }, "deprecated": false, "id": "CVE-2020-11096-c09f48f7", "target": { "function": "update_write_cache_bitmap_v3_order", "file": "libfreerdp/core/orders.c" }, "signature_version": "v1", "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0" }, { "signature_type": "Function", "digest": { "length": 1794.0, "function_hash": "110750369465455098698473796720306016477" }, "deprecated": false, "id": "CVE-2020-11096-f01fd699", "target": { "function": "update_read_cache_bitmap_v2_order", "file": "libfreerdp/core/orders.c" }, "signature_version": "v1", "source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0" } ] }