In FreeRDP before version 2.1.2, there is a global out-of-bounds (OOB) read in `update_read_cache_bitmap_v3_order`. As a workaround, one can disable the bitmap cache with `-bitmap-cache` (default). This is fixed in version 2.1.2.
[
{
"signature_type": "Function",
"target": {
"function": "update_write_cache_bitmap_v2_order",
"file": "libfreerdp/core/orders.c"
},
"source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
"deprecated": false,
"id": "CVE-2020-11096-0bbf500d",
"signature_version": "v1",
"digest": {
"length": 1555.0,
"function_hash": "11067355563640232952833483671773808771"
}
},
{
"signature_type": "Line",
"target": {
"file": "libfreerdp/core/orders.c"
},
"source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
"deprecated": false,
"id": "CVE-2020-11096-0e132c40",
"signature_version": "v1",
"digest": {
"line_hashes": [
"59944795111450777379309692812485208066",
"194382804018296313270549219936072872849",
"120355910534221810669931434878507561494",
"91250727350712457263750453685681428889",
"46333913065121926996325102521055730193",
"304727245072926153052182169102668129452",
"52814080547308666971950060447690470421",
"11368543818720392629301783249152163503",
"91491093368311482739377289052397189921",
"186015203565991729397888441438137319786",
"86901620814772101926618798011162050913",
"88391112643039740123474136411756855790",
"198992211928506409194156029307362571161",
"336269731103404507570205482597550475262",
"214981160043047597676883633205070110565",
"175082398703257763288751504231723022282",
"291443493209747519479689742312044824920",
"201145260328871176723628270440441412456",
"62639688196519534269527813354138335198",
"173917952685437861191995553557851105960",
"41765353119044341249885127936944646642",
"148755739059555586494472809062315356701",
"107420166946612725405069047414824642909",
"201145260328871176723628270440441412456",
"16554081692590270020888743927173158583",
"128054283928092324632091490522415253445",
"202634512015619441407256508814499123373",
"19611361314979079022682643740124277819",
"54926316104049900301428751364614658477",
"83248876230214057726405852329738607163",
"10763461159671309723884436098123099149",
"106664886848032322667477092481701419528",
"56777863932163599429903580491758466128",
"194612464027064548445946208881322172317",
"296923997582979846888386842926620817674",
"246166631946007796399491422259975478059",
"226475640028902727553031741259947873569",
"99931096479708770409730799839191126952",
"303097824920444287025906419301311384868",
"19270196511300106356561585137334778691",
"272990739740129796814455903342331637265",
"284004480395281651057602369734597621262",
"279488399871341780767630042824539563851",
"105524741612254325560189409054785986634",
"311680883616286540085659540253567320438",
"134411874286276313658417076468510340753",
"206417574321251603815660951434830181608",
"282092525481318611928305456444422576671",
"200347399248387250992433017918389292717",
"306181039589927978914671396159071482688",
"281298154493493592651325939548195564080",
"183765251812367028674696622907432926311",
"174366372506024482165426743217654905317",
"268421256423905172836404987100496416698",
"238498509285055693244950048260686200107",
"190708956828862552681886089399507029590",
"273825447647740730015864697523663146601",
"198245226796875199688109776470663907780",
"207584466892824202616477205488523565098",
"314450918160418902194862996014474902812",
"109697898632922543892673512742112006785",
"29153593042648430864359310198466891878",
"174220318100395404162180265848663870759",
"123234841809440906180460849230475989918",
"132700983384943108683829122450124557168",
"284808721133915451425411425903547959655",
"165460688649100947547451124923206422840",
"131430385673023766819071725310602496062",
"314450918160418902194862996014474902812",
"169282662770393285080061298362143895564",
"150484476347020296944924767172004149049",
"203754862796266873091995632021685702820",
"327792952000939284125457743899384644544",
"132204508285714337254413315610795515327",
"288260653148236796669089429330469073871",
"41280948124974086970516799963061583787"
],
"threshold": 0.9
}
},
{
"signature_type": "Function",
"target": {
"function": "update_write_brush",
"file": "libfreerdp/core/orders.c"
},
"source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
"deprecated": false,
"id": "CVE-2020-11096-27dbd875",
"signature_version": "v1",
"digest": {
"length": 955.0,
"function_hash": "293579969671240941682625953157135013268"
}
},
{
"signature_type": "Function",
"target": {
"function": "update_read_cache_brush_order",
"file": "libfreerdp/core/orders.c"
},
"source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
"deprecated": false,
"id": "CVE-2020-11096-347a205a",
"signature_version": "v1",
"digest": {
"length": 1470.0,
"function_hash": "146141612043498727245554571307885332041"
}
},
{
"signature_type": "Function",
"target": {
"function": "update_read_brush",
"file": "libfreerdp/core/orders.c"
},
"source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
"deprecated": false,
"id": "CVE-2020-11096-4ef6a152",
"signature_version": "v1",
"digest": {
"length": 1180.0,
"function_hash": "9218861704481100289841591108726406376"
}
},
{
"signature_type": "Function",
"target": {
"function": "update_read_cache_bitmap_v3_order",
"file": "libfreerdp/core/orders.c"
},
"source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
"deprecated": false,
"id": "CVE-2020-11096-98122ff2",
"signature_version": "v1",
"digest": {
"length": 1247.0,
"function_hash": "112825482862667484235312482191764064113"
}
},
{
"signature_type": "Function",
"target": {
"function": "update_write_cache_brush_order",
"file": "libfreerdp/core/orders.c"
},
"source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
"deprecated": false,
"id": "CVE-2020-11096-a682f1be",
"signature_version": "v1",
"digest": {
"length": 1226.0,
"function_hash": "192093465913594974919924724589954481139"
}
},
{
"signature_type": "Function",
"target": {
"function": "update_write_cache_bitmap_v3_order",
"file": "libfreerdp/core/orders.c"
},
"source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
"deprecated": false,
"id": "CVE-2020-11096-c09f48f7",
"signature_version": "v1",
"digest": {
"length": 759.0,
"function_hash": "274177874706797067372169475604797833661"
}
},
{
"signature_type": "Function",
"target": {
"function": "update_read_cache_bitmap_v2_order",
"file": "libfreerdp/core/orders.c"
},
"source": "https://github.com/freerdp/freerdp/commit/b8beb55913471952f92770c90c372139d78c16c0",
"deprecated": false,
"id": "CVE-2020-11096-f01fd699",
"signature_version": "v1",
"digest": {
"length": 1794.0,
"function_hash": "110750369465455098698473796720306016477"
}
}
]