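FreeRDP versions before 2.1.2 contain an out-of-bounds read in TrioParse. Because of an integer overflow, logging might bypass string length checks. The issue is fixed in version 2.1.2. The signatures below target winpr/libwinpr/utils/trio/trio.c and winpr/libwinpr/utils/trio/triostr.c, and cite upstream commit 05cd9ea2290d23931f615c1b004d4b2e69074e27 as their source.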
{ "vanir_signatures": [ { "signature_version": "v1", "deprecated": false, "id": "CVE-2020-4030-209a8c46", "digest": { "threshold": 0.9, "line_hashes": [ "184113121016333358285319372297255994103", "267119135253721438016611594896122215985", "326045540664966039740554085678049561611", "162382862271231544621632017281053450303", "259654676096212166543301571851583945653", "337626485554865542116482426611247910336", "302619259917172163577505698371206255325", "248311828760329053642212232712054145034", "48546135914116083679518732849697493544", "65985926792399962685983872570067836026", "37272372742467044585560923749680642436", "6694760769256071751895870628554319729" ] }, "target": { "file": "winpr/libwinpr/utils/trio/trio.c" }, "signature_type": "Line", "source": "https://github.com/freerdp/freerdp/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27" }, { "signature_version": "v1", "deprecated": false, "id": "CVE-2020-4030-cb6fa37c", "digest": { "threshold": 0.9, "line_hashes": [ "322697619999516272119702043251132197404", "166292481726618466695783537953868435563", "306385995903346319553142905137318845949", "71045233625049003937872421593334296454", "40015394476233404266510138193122806599", "95015821797310904147094367308625177872", "14206545713134464485059259788717227585", "326174490194127597474829009714997758872" ] }, "target": { "file": "winpr/libwinpr/utils/trio/triostr.c" }, "signature_type": "Line", "source": "https://github.com/freerdp/freerdp/commit/05cd9ea2290d23931f615c1b004d4b2e69074e27" } ] }