An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "76520381303793706354394905156980639001", "282566849556074964205805592990203830151", "2698456206615341861518141281162735263", "336224440757755728172154181684934044262", "284261491817822275984846553019646872461", "174244900834914134481064781483553193622", "25123155323745967112731675775873879837", "148364140446082720606710342613023699548", "329592443135845426657122755048216713889", "92050099407558400304911403809018760521", "219778130722162753086991176156569321635", "125116767760870193408727759792769658146", "88416154254472454682746949546237262074", "79952438847140396587226509256224753217", "121807398591422663603578373372885019896", "253662455073028227159382901201324874617", "123343054448212955456026968069702074263", "85020857556450694534509256204783017162", "255268007936620559016517340264197516878", "108335059698860200798144054774198324742", "253662455073028227159382901201324874617", "240995267951714944486160611582135353152", "291074483248729273453431999541330985308", "129017258434056908024324606257422911030", "70583760549871203164819784487145745882", "253662455073028227159382901201324874617", "287317102111360111191812340028500137571", "78096176348979768258085483910943756995", "189514320141550507647682763963431167914", "263521197669050329772330980423265818807", "253662455073028227159382901201324874617", "125553016897872548207771638126188345197", "221427188409031947289975677762055770763", "48211495049074874002077796785519702699", "51841942972102033420572675048580799302", "227149694492067127439389869671648232881", "25657475031488990629022805907062583020", "253662455073028227159382901201324874617", "236131924727105989770235627263969569172", "404961262520880213896549041560818677", "76520519321503052670336425612450828138", "42182737805846986767588101573941834629", "175267322124283822811329432679139428655", "25657475031488990629022805907062583020", "253662455073028227159382901201324874617", 
"179969551482694339913226104554343424711", "110823472763331360591313786754000110041", "252595975412916820974593547068248951630", "203616502083983596101483711872570850921", "148032249025554410770411864522517842292", "253662455073028227159382901201324874617", "86259315868274478866129269715086657323", "304449601009727400554869754590693330504", "5769487755201660675613962178441835555", "103252313546216007019505893436124695779", "6528800998010061828632523047093720207", "198293103083158085166393109051800837141", "253662455073028227159382901201324874617", "321450999058637810535222367808907282124", "144054043621970048034713444083207762265", "254459861314800345377836294395846988880", "325477314746408175987086886507696388647", "323817494117943062766276477142106828756", "29830899257949064160324195422047496607", "76658061156390856718071325176261237349", "149674284592307821669701883019372276889", "22403996456231067067373353180918568504", "264765439589889091805463967585975883466", "170315957829491235757955819577812241687", "255215294974773659930854751842363868195", "237216221709819711804293436047757821876", "292953039882829041295606457345555572947", "218766423504259947289900408253431671550", "22403996456231067067373353180918568504", "184447313844979918470961562939609686580", "164618626292090153856976000591043055846", "104526990048086803078362948849364608156", "171221644522950278383225378516731773808", "280886997198293342038796419464347791413", "219289979057791117579204233858393480502", "322937327511811249489781785390541257866", "315896174128681262367343401928670534491", "295644083560539443863928791112575506855", "304841028687548304366317311638277229790", "268214698980186406298142140306129214751", "50740373022697109694620992539524500864", "22403996456231067067373353180918568504", "285490879323213147339368713077726501539", "95436462363306011830873191765979715015", "156027718641624427258416852038815979138", "173432492318165356035225302545932184904", 
"42395135299068077890231018357304392881", "183564901653277209536945505928777561068", "248821439445727256144157035414161211328", "22403996456231067067373353180918568504", "285796042501991946444159004307681763947", "135815570073712181521374754386610406042", "284216379088730192347659933499939622455", "266197114402477364268695471994224603855", "155404006809631617980518073615825954117", "61220545607901056910946501117221981609", "22403996456231067067373353180918568504", "137446275411128756183703025870136031408", "163013432576364131338761776619017607703", "60032182530726175694029106914526931218", "179876652548909961644942277693680262836", "22403996456231067067373353180918568504", "183277554081267176911287656947754279486", "77451657823830781328797188815744328662", "214214016723929973918295023957816395233", "325604262791483187033109266344103980245", "251949897614616272012089048062998320802", "141530621083971726944693880189356676330", "16807126797070448674878768397853130304", "288094109949166151755610643723371366988", "64629159380884632234461067962436319766" ] }, "id": "CVE-2020-13396-0ee58b18", "source": "https://github.com/freerdp/freerdp/commit/48361c411e50826cb602c7aab773a8a20e1da6bc", "signature_version": "v1", "signature_type": "Line", "target": { "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c" }, "deprecated": false }, { "digest": { "function_hash": "125645356907423761258287778149584943230", "length": 5267.0 }, "id": "CVE-2020-13396-aef42ce7", "source": "https://github.com/freerdp/freerdp/commit/48361c411e50826cb602c7aab773a8a20e1da6bc", "signature_version": "v1", "signature_type": "Function", "target": { "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c", "function": "ntlm_read_ChallengeMessage" }, "deprecated": false } ] }