CVE-2020-11097

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-11097
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11097.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-11097
Downstream
Related
Published
2020-06-22T22:15:12Z
Modified
2025-09-19T11:36:27.245381Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
Summary
[none]
Details

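In FreeRDP before version 2.1.2, an out-of-bounds read occurs, resulting in access to a memory location outside the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. Note that the signatures listed under "Database specific" on this record all target winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c (the ntlm_av_pair_* functions), not drawing-order code, so the array named in this description may not match the patched code. When checking whether a build is patched, verify against the referenced commit and those functions rather than the array name alone.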

References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0-beta1
1.0-beta2
1.0-beta3
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9

2.*

2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "57488475844778396462460790092864555790",
                "length": 237.0
            },
            "id": "CVE-2020-11097-212ea6e0",
            "source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c",
                "function": "ntlm_av_pair_add_copy"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "281199093337488200191958111791756366853",
                    "86361152385755966826729106938199490232",
                    "301258790964740342752047417413381409325",
                    "64871899050614241632329072053632383438",
                    "171629921269689412698261980165533363166",
                    "280985466425593815851120201738318197848",
                    "215031949970783615435428995198206216453",
                    "286438992864848406489036145044154905334",
                    "113752148089474114952837197080630701144",
                    "261104035268028934009696214851412871679",
                    "98989221216521820866967581278618381482",
                    "337742880902647651629047093659632208933",
                    "3334756412236517589181867201979733455",
                    "103245678047144842394138995286077424134",
                    "5166378531987869140672072634351512732",
                    "249200620952908277699102100906082171268",
                    "115587606294612258886551207392690826315",
                    "36484635899830625272804187925422326882",
                    "188107224532099152941644997882149622203",
                    "180995325117604890745894139970635283717",
                    "436036971502398700086804216155473821",
                    "13529482424500140519531356944398575912",
                    "136417555553341533743111632568764786077",
                    "239445366359930780630590472806495990522",
                    "132711345408900996857392493114575091850",
                    "295114563189248967616603163122388961511",
                    "242173724222210736403411708683860662329",
                    "330855163572209597226193036534035120791",
                    "91374909195604381407826664147616620024",
                    "96083745236847862914030290942849033056",
                    "22209690621860503893893589792044144381",
                    "57244532241024405700955981970156616836",
                    "57101202039700414667920455083041397523",
                    "313012558092589049358220648949321429457",
                    "245617393233253849284754177811591500060",
                    "69418438796879696461326147429630176135",
                    "150329480413620240615249325058868698542",
                    "115366925041650720317956991863994919354",
                    "271022599464925284833260632313878238678",
                    "313539118943810949408059871957705625692",
                    "337682998172270753137155573263664761500",
                    "136403229665872719211530308254949039834",
                    "192915648604426182295163500785957816589",
                    "71241307273316452603812038843946428292",
                    "6774316596784631972329756482198279032",
                    "107836011117986293807400463457708225656",
                    "55819068125011700510501495665340032292",
                    "201806937536850179500748766512066582561",
                    "61340727451805348634457892027747916553",
                    "206448064473308206000361481115046595942",
                    "253106058364440878946468316007062645472",
                    "149556273958818351783449250945774504637",
                    "163346887054405021868980364527044038797",
                    "281859025270304923139001026590981219081",
                    "111023201722658384554392286046801719828",
                    "208043048851928609541199680414385351849",
                    "194314692853375298167416266599964257412",
                    "330855163572209597226193036534035120791",
                    "133343078431817319198405452851395702822",
                    "92051402708876702855213372929775476882",
                    "20262677845246949811982578871421752273",
                    "30294040465972978337665516207326600302",
                    "100596151595386892808686808876444322873",
                    "218380447903229931902041113406121401348",
                    "79432236620937571761573377056172891904",
                    "5833464350851945518932825287130234697",
                    "165406605710286884109355416855268162045",
                    "316748516904409782601425098032849292255",
                    "325598333547243503755203230585074483313",
                    "232014736034377139483828393234310555034",
                    "47297651524244483785701207195065630951",
                    "125950940752756859446411444416177807277",
                    "66067983669307139571201381189351074732",
                    "262687917827257726382326812727132182398",
                    "151264887144978549018035186497608873800",
                    "245158052017045770391939370792141102474",
                    "202701610286915524349915576408099196539",
                    "290948123518871606490567816206993941126",
                    "212931074934022063009393948878372429454",
                    "42619806236160354111725301116625869093",
                    "15983919559890403491364002881865209377",
                    "28762489451009499044273910584057284010",
                    "197281290636470483770762266484523134261",
                    "151802289544448969219420074066886837252",
                    "274621551085559560253152700213456124964",
                    "98894975566764290785317935575630181502",
                    "253891738001197617345319286635477158345",
                    "10275772404493237892076057494046037714",
                    "323593557470075104773257748948920174739",
                    "286218120647365853809383241850110654331",
                    "271616553223947234689370643273736070232",
                    "204959245956919500000557698352923497727",
                    "79178136270752290869437934709439845435",
                    "35763561069686551401812316540218716048",
                    "155407727302030891086310250795867591593",
                    "6566944372441949601433236734745800993",
                    "216718548087427806829336023945031982278",
                    "264280864178669558664264134680070434906",
                    "24769221346687678975047931475780768468"
                ]
            },
            "id": "CVE-2020-11097-272bcffb",
            "source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
            "signature_type": "Line",
            "signature_version": "v1",
            "target": {
                "file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "175833565996496883529938700350850501450",
                "length": 110.0
            },
            "id": "CVE-2020-11097-2f586647",
            "source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c",
                "function": "ntlm_av_pair_get_id"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "108927781308684179934043214772713380729",
                "length": 2948.0
            },
            "id": "CVE-2020-11097-30d7ee78",
            "source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c",
                "function": "ntlm_construct_authenticate_target_info"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "209799115003739236552117946340401257257",
                "length": 152.0
            },
            "id": "CVE-2020-11097-57e5e340",
            "source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c",
                "function": "ntlm_av_pair_check"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "90441895559154137032814721709891955161",
                "length": 245.0
            },
            "id": "CVE-2020-11097-79a17c93",
            "source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c",
                "function": "ntlm_av_pair_next"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "215958110980277934940452342873429714093",
                "length": 90.0
            },
            "id": "CVE-2020-11097-8ea28a20",
            "source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c",
                "function": "ntlm_av_pair_get_next_offset"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "175833565996496883529938700350850501450",
                "length": 110.0
            },
            "id": "CVE-2020-11097-ad3e0a61",
            "source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c",
                "function": "ntlm_av_pair_get_len"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "292406813035899045056174170143961825560",
                "length": 392.0
            },
            "id": "CVE-2020-11097-dbb633d7",
            "source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c",
                "function": "ntlm_av_pair_get"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "227746966553372040698528109906061538220",
                "length": 461.0
            },
            "id": "CVE-2020-11097-fd509f40",
            "source": "https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e",
            "signature_type": "Function",
            "signature_version": "v1",
            "target": {
                "file": "winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c",
                "function": "ntlm_print_av_pair_list"
            },
            "deprecated": false
        }
    ]
}