An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.
[
{
"id": "CVE-2020-13396-0ee58b18",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c"
},
"source": "https://github.com/freerdp/freerdp/commit/48361c411e50826cb602c7aab773a8a20e1da6bc",
"signature_type": "Line",
"digest": {
"line_hashes": [
"76520381303793706354394905156980639001",
"282566849556074964205805592990203830151",
"2698456206615341861518141281162735263",
"336224440757755728172154181684934044262",
"284261491817822275984846553019646872461",
"174244900834914134481064781483553193622",
"25123155323745967112731675775873879837",
"148364140446082720606710342613023699548",
"329592443135845426657122755048216713889",
"92050099407558400304911403809018760521",
"219778130722162753086991176156569321635",
"125116767760870193408727759792769658146",
"88416154254472454682746949546237262074",
"79952438847140396587226509256224753217",
"121807398591422663603578373372885019896",
"253662455073028227159382901201324874617",
"123343054448212955456026968069702074263",
"85020857556450694534509256204783017162",
"255268007936620559016517340264197516878",
"108335059698860200798144054774198324742",
"253662455073028227159382901201324874617",
"240995267951714944486160611582135353152",
"291074483248729273453431999541330985308",
"129017258434056908024324606257422911030",
"70583760549871203164819784487145745882",
"253662455073028227159382901201324874617",
"287317102111360111191812340028500137571",
"78096176348979768258085483910943756995",
"189514320141550507647682763963431167914",
"263521197669050329772330980423265818807",
"253662455073028227159382901201324874617",
"125553016897872548207771638126188345197",
"221427188409031947289975677762055770763",
"48211495049074874002077796785519702699",
"51841942972102033420572675048580799302",
"227149694492067127439389869671648232881",
"25657475031488990629022805907062583020",
"253662455073028227159382901201324874617",
"236131924727105989770235627263969569172",
"404961262520880213896549041560818677",
"76520519321503052670336425612450828138",
"42182737805846986767588101573941834629",
"175267322124283822811329432679139428655",
"25657475031488990629022805907062583020",
"253662455073028227159382901201324874617",
"179969551482694339913226104554343424711",
"110823472763331360591313786754000110041",
"252595975412916820974593547068248951630",
"203616502083983596101483711872570850921",
"148032249025554410770411864522517842292",
"253662455073028227159382901201324874617",
"86259315868274478866129269715086657323",
"304449601009727400554869754590693330504",
"5769487755201660675613962178441835555",
"103252313546216007019505893436124695779",
"6528800998010061828632523047093720207",
"198293103083158085166393109051800837141",
"253662455073028227159382901201324874617",
"321450999058637810535222367808907282124",
"144054043621970048034713444083207762265",
"254459861314800345377836294395846988880",
"325477314746408175987086886507696388647",
"323817494117943062766276477142106828756",
"29830899257949064160324195422047496607",
"76658061156390856718071325176261237349",
"149674284592307821669701883019372276889",
"22403996456231067067373353180918568504",
"264765439589889091805463967585975883466",
"170315957829491235757955819577812241687",
"255215294974773659930854751842363868195",
"237216221709819711804293436047757821876",
"292953039882829041295606457345555572947",
"218766423504259947289900408253431671550",
"22403996456231067067373353180918568504",
"184447313844979918470961562939609686580",
"164618626292090153856976000591043055846",
"104526990048086803078362948849364608156",
"171221644522950278383225378516731773808",
"280886997198293342038796419464347791413",
"219289979057791117579204233858393480502",
"322937327511811249489781785390541257866",
"315896174128681262367343401928670534491",
"295644083560539443863928791112575506855",
"304841028687548304366317311638277229790",
"268214698980186406298142140306129214751",
"50740373022697109694620992539524500864",
"22403996456231067067373353180918568504",
"285490879323213147339368713077726501539",
"95436462363306011830873191765979715015",
"156027718641624427258416852038815979138",
"173432492318165356035225302545932184904",
"42395135299068077890231018357304392881",
"183564901653277209536945505928777561068",
"248821439445727256144157035414161211328",
"22403996456231067067373353180918568504",
"285796042501991946444159004307681763947",
"135815570073712181521374754386610406042",
"284216379088730192347659933499939622455",
"266197114402477364268695471994224603855",
"155404006809631617980518073615825954117",
"61220545607901056910946501117221981609",
"22403996456231067067373353180918568504",
"137446275411128756183703025870136031408",
"163013432576364131338761776619017607703",
"60032182530726175694029106914526931218",
"179876652548909961644942277693680262836",
"22403996456231067067373353180918568504",
"183277554081267176911287656947754279486",
"77451657823830781328797188815744328662",
"214214016723929973918295023957816395233",
"325604262791483187033109266344103980245",
"251949897614616272012089048062998320802",
"141530621083971726944693880189356676330",
"16807126797070448674878768397853130304",
"288094109949166151755610643723371366988",
"64629159380884632234461067962436319766"
],
"threshold": 0.9
}
},
{
"id": "CVE-2020-13396-aef42ce7",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c",
"function": "ntlm_read_ChallengeMessage"
},
"source": "https://github.com/freerdp/freerdp/commit/48361c411e50826cb602c7aab773a8a20e1da6bc",
"signature_type": "Function",
"digest": {
"length": 5267.0,
"function_hash": "125645356907423761258287778149584943230"
}
}
]