CVE-2020-13396

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-13396
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13396.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-13396
Downstream
Related
Published
2020-05-22T18:15:11Z
Modified
2025-09-19T11:52:16.656535Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVSS Calculator
Summary
[none]
Details

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlmreadChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c.

References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
48361c411e50826cb602c7aab773a8a20e1da6bc
Fixed
8fb6336a4072abcee8ce5bd6ae91104628c7bb69

Affected versions

1.*

1.0-beta1
1.0-beta2
1.0-beta3
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9

2.*

2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
2.1.0

Database specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "76520381303793706354394905156980639001",
                    "282566849556074964205805592990203830151",
                    "2698456206615341861518141281162735263",
                    "336224440757755728172154181684934044262",
                    "284261491817822275984846553019646872461",
                    "174244900834914134481064781483553193622",
                    "25123155323745967112731675775873879837",
                    "148364140446082720606710342613023699548",
                    "329592443135845426657122755048216713889",
                    "92050099407558400304911403809018760521",
                    "219778130722162753086991176156569321635",
                    "125116767760870193408727759792769658146",
                    "88416154254472454682746949546237262074",
                    "79952438847140396587226509256224753217",
                    "121807398591422663603578373372885019896",
                    "253662455073028227159382901201324874617",
                    "123343054448212955456026968069702074263",
                    "85020857556450694534509256204783017162",
                    "255268007936620559016517340264197516878",
                    "108335059698860200798144054774198324742",
                    "253662455073028227159382901201324874617",
                    "240995267951714944486160611582135353152",
                    "291074483248729273453431999541330985308",
                    "129017258434056908024324606257422911030",
                    "70583760549871203164819784487145745882",
                    "253662455073028227159382901201324874617",
                    "287317102111360111191812340028500137571",
                    "78096176348979768258085483910943756995",
                    "189514320141550507647682763963431167914",
                    "263521197669050329772330980423265818807",
                    "253662455073028227159382901201324874617",
                    "125553016897872548207771638126188345197",
                    "221427188409031947289975677762055770763",
                    "48211495049074874002077796785519702699",
                    "51841942972102033420572675048580799302",
                    "227149694492067127439389869671648232881",
                    "25657475031488990629022805907062583020",
                    "253662455073028227159382901201324874617",
                    "236131924727105989770235627263969569172",
                    "404961262520880213896549041560818677",
                    "76520519321503052670336425612450828138",
                    "42182737805846986767588101573941834629",
                    "175267322124283822811329432679139428655",
                    "25657475031488990629022805907062583020",
                    "253662455073028227159382901201324874617",
                    "179969551482694339913226104554343424711",
                    "110823472763331360591313786754000110041",
                    "252595975412916820974593547068248951630",
                    "203616502083983596101483711872570850921",
                    "148032249025554410770411864522517842292",
                    "253662455073028227159382901201324874617",
                    "86259315868274478866129269715086657323",
                    "304449601009727400554869754590693330504",
                    "5769487755201660675613962178441835555",
                    "103252313546216007019505893436124695779",
                    "6528800998010061828632523047093720207",
                    "198293103083158085166393109051800837141",
                    "253662455073028227159382901201324874617",
                    "321450999058637810535222367808907282124",
                    "144054043621970048034713444083207762265",
                    "254459861314800345377836294395846988880",
                    "325477314746408175987086886507696388647",
                    "323817494117943062766276477142106828756",
                    "29830899257949064160324195422047496607",
                    "76658061156390856718071325176261237349",
                    "149674284592307821669701883019372276889",
                    "22403996456231067067373353180918568504",
                    "264765439589889091805463967585975883466",
                    "170315957829491235757955819577812241687",
                    "255215294974773659930854751842363868195",
                    "237216221709819711804293436047757821876",
                    "292953039882829041295606457345555572947",
                    "218766423504259947289900408253431671550",
                    "22403996456231067067373353180918568504",
                    "184447313844979918470961562939609686580",
                    "164618626292090153856976000591043055846",
                    "104526990048086803078362948849364608156",
                    "171221644522950278383225378516731773808",
                    "280886997198293342038796419464347791413",
                    "219289979057791117579204233858393480502",
                    "322937327511811249489781785390541257866",
                    "315896174128681262367343401928670534491",
                    "295644083560539443863928791112575506855",
                    "304841028687548304366317311638277229790",
                    "268214698980186406298142140306129214751",
                    "50740373022697109694620992539524500864",
                    "22403996456231067067373353180918568504",
                    "285490879323213147339368713077726501539",
                    "95436462363306011830873191765979715015",
                    "156027718641624427258416852038815979138",
                    "173432492318165356035225302545932184904",
                    "42395135299068077890231018357304392881",
                    "183564901653277209536945505928777561068",
                    "248821439445727256144157035414161211328",
                    "22403996456231067067373353180918568504",
                    "285796042501991946444159004307681763947",
                    "135815570073712181521374754386610406042",
                    "284216379088730192347659933499939622455",
                    "266197114402477364268695471994224603855",
                    "155404006809631617980518073615825954117",
                    "61220545607901056910946501117221981609",
                    "22403996456231067067373353180918568504",
                    "137446275411128756183703025870136031408",
                    "163013432576364131338761776619017607703",
                    "60032182530726175694029106914526931218",
                    "179876652548909961644942277693680262836",
                    "22403996456231067067373353180918568504",
                    "183277554081267176911287656947754279486",
                    "77451657823830781328797188815744328662",
                    "214214016723929973918295023957816395233",
                    "325604262791483187033109266344103980245",
                    "251949897614616272012089048062998320802",
                    "141530621083971726944693880189356676330",
                    "16807126797070448674878768397853130304",
                    "288094109949166151755610643723371366988",
                    "64629159380884632234461067962436319766"
                ]
            },
            "id": "CVE-2020-13396-0ee58b18",
            "source": "https://github.com/freerdp/freerdp/commit/48361c411e50826cb602c7aab773a8a20e1da6bc",
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "125645356907423761258287778149584943230",
                "length": 5267.0
            },
            "id": "CVE-2020-13396-aef42ce7",
            "source": "https://github.com/freerdp/freerdp/commit/48361c411e50826cb602c7aab773a8a20e1da6bc",
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "winpr/libwinpr/sspi/NTLM/ntlm_message.c",
                "function": "ntlm_read_ChallengeMessage"
            },
            "deprecated": false
        }
    ]
}