{"id":"CVE-2020-11087","details":"In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0.","modified":"2026-04-16T00:03:17.651570551Z","published":"2020-05-29T20:15:10.843Z","related":["ALSA-2020:4647","GHSA-84vj-g73m-chw7","SUSE-SU-2020:2032-1","SUSE-SU-2020:2068-1","SUSE-SU-2020:2272-1","openSUSE-SU-2020:1090-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"10.0"}],"source":"CPE_FIELD"},{"cpe":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"15.1"}],"source":"CPE_FIELD"}]},"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"},{"type":"FIX","url":"https://github.com/FreeRDP/FreeRDP/commit/8241ab42fdf0cc89cf69fc574bf6360c9977a0d4"},{"type":"FIX","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freerdp/freerdp","events":[{"introduced":"0"},{"fixed":"11b9b1ca6be433f1da5bbf5e152d554d3eb67ac6"},{"fixed":"8241ab42fdf0cc89cf69fc574bf6360c9977a0d4"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"2.1.0"}],"cpe":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*"}}],"versions":["1.0-beta1","1.0-beta2","1.0-beta4","1.0-beta5","1.0.0","1.0.1","1.1.0-beta+2013071101","1.1.0-beta1","1.1.0-beta1+android2","1.1.0-beta1+android3","1.1.0-beta1+android4","1.1.0-beta1+android5","1.1.0-beta1+ios1","1.1.0-beta1+ios2","1.1.0-beta1+ios3","1.1.0-beta1+ios4","1.2.0-beta1+android7","1.2.0-beta1+android9","2.0.0","2.0.0-beta1+android10","2.0.0-beta1+android11","2.0.0-rc0","2.0.0-rc1","2.0.0-rc2","2.0.0-rc3","2.0.0-rc4"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11087.json","vanir_signatures":[{"source":"https://github.com/freerdp/freerdp/commit/8241ab42fdf0cc89cf69fc574bf6360c9977a0d4","id":"CVE-2020-11087-4d56f382","deprecated":false,"signature_version":"v1","digest":{"function_hash":"323716930376608716647377832147244238994","length":6341},"target":{"function":"ntlm_read_AuthenticateMessage","file":"winpr/libwinpr/sspi/NTLM/ntlm_message.c"},"signature_type":"Function"},{"source":"https://github.com/freerdp/freerdp/commit/8241ab42fdf0cc89cf69fc574bf6360c9977a0d4","id":"CVE-2020-11087-f908d808","deprecated":false,"signature_version":"v1","digest":{"line_hashes":["154514318166335519574049377685409873258","56541073228512878616808342428086533156","161651536400387389871181437121023956494","211811431804190450677659699831454803476","295382713056045796778340193138038626325","276992700690353240360321429483627263581","138806139207652727465498310479651456571","278749379450094990387775363009510925691","241413464936548129503997645178197014903","30411643711945645815598947303704340527","339661838060147216225664927532669752921","133922056526047205639145996059903227230","68532566752706994136843909064010671536","304131632231906548921496171046306531778","67882167744274946674606458323381954716","121807398591422663603578373372885019896","253662455073028227159382901201324874617","111385606397311443666316341710094090228","102130564232632735527339562687623895148","11006258702244288486245773187479678531","74205178819293443848102321539429761466","253662455073028227159382901201324874617","312501569522021938152053614398069559351","98168397895482623504390908520550420877","117627523580040007016009315631784254027","314011867796071251342930867012647929853","244662915843780533572199619315750995590","253662455073028227159382901201324874617","174686487407518535509696959276533968595","239427991089082503098389597256809403251","33724994605980651017834831886549882202","164358783730812471173461857098172249776","244662915843780533572199619315750995590","253662455073028227159382901201324874617","201166722949810737187879871285367317983","249949584026904705042454117259771532465","196683094714095414160125404883075368945","260466164511542389587007361248825094720","253662455073028227159382901201324874617","323428085615289951860939594860197990528","131541879127304571214834482785127453148","8446251686585743229637268818340568032","103996748205276043571805998578244156008","253662455073028227159382901201324874617","228544139125987504589000920610065837109","236117061846471316865687652781394296627","254778563722473740048972977655769127247","304938498267846296685631809058007976055","253662455073028227159382901201324874617","68721091901326487661288802263901103083","187727687122777566716665464656245672789","76716247514145182233500530771454337423","132951234265639673915711190530189190236","244662915843780533572199619315750995590","253662455073028227159382901201324874617","125553016897872548207771638126188345197","150187513336340834753465668698033953966","208948704100297060610022153852978535373","274722474817140977116505144302812499570","250842374023437519868922881052830706402","45779165871585141370938961430733742079","11668046986392564375786790848727083845","122156914354461375210180735930759281141","253662455073028227159382901201324874617","63926046525700067898154360662491512743","229324638166040194753013467233623218125","139734374144708037125919670499225835851","232614083226558610815601275446320500753","6528800998010061828632523047093720207","198293103083158085166393109051800837141","253662455073028227159382901201324874617","321450999058637810535222367808907282124","42900884321040807565983816286398317705","121224227178259272233075738270673295606","196489480839964295787469285036203135035","90786100283805874210049656953796848292","16717625541532460009816958547667942930","22403996456231067067373353180918568504","145598177898448543383884230367024392777","13222721649571082529067686458067942018","211605321874173834158220053283370424647","134979684622246714513434620576927820854","22403996456231067067373353180918568504","246207011876176242020352619911965676689","240703831849212882616672407272991944112","240745115579393806267554647170182522614","241675326737785324093756427761370297118","22403996456231067067373353180918568504","104949350100721263125085305828183597995","233978408888539405578110558872926670550","179750850740817100481541789874758318749","304360824219610205673515898357785628045","85289164583278400144046241804581049589","22403996456231067067373353180918568504","322558151512957459299534849234313743916","184261764499893372990248445310371456419","191976415187374461648049678432978448559","191921137837496105374895311441883575312","85289164583278400144046241804581049589","22403996456231067067373353180918568504","82352513813789699389345125779190857440","119932755149428744155850767769393437618","191484239637562940985098941007368911445","46815914388692519416162241770889036168","161951019194278477929857201220550249749","186425153139679315952310294482846392769","316453102634686443952101406999990822926","36616512156431261482656976307408372757","102172305271217910653822640486853386827","22403996456231067067373353180918568504","80948364461329060192937305639493687949","213072126327002658363499619360350305158","38429710044080758485915941030506322698","117295542566946394961596785113956915651","196174300566754983061960566253389386822","272563553901084615855684391831694546890","143709003002470807945298515674467450668","129556815624869728747976358602876843137","154371492644357202537923291862393510017","72852919265872844141162240724849521675","118497478680621602106278070569346492826","234696324119093460368801125270654302795","85289164583278400144046241804581049589","22403996456231067067373353180918568504","304510621029493273474532992369478750308","74585422880968153809668040073975851661","11144158705062926999649801958073498764","69884830720015146667597333599505475347","226885259260921754369551347896931525118","83618653922054646947995034672438428867","253662455073028227159382901201324874617","223414785606981179076849053157060956549","32956767466003425107023088931155196646","39156160138601862363612520826126497801","185893991082219683248714946541531990070","59674959416409836500985609739051240668","22469809208479479408294288943005091214","22403996456231067067373353180918568504","11583215664584732026747536045610290768","106198836796427045018995615618927090784","53001384217291352936662513075794553259","190101201025833245442288381778414741658","313309393002342629773500538075404731352","234031056829139360422777395229473605100","50557167896935087143460297426701557932","253662455073028227159382901201324874617","208809639380305961018804431549322462879","87706621565962368399249085821525275618","251085397996317134810648371489196303894","98145398917848937212068238883182616901","117747777603796256591481692541516684869","244521677333975823892270362269904230088","156298833418999828687409685203336392883","162650266072802846803464401741298362854","22403996456231067067373353180918568504","241627117444334161744049415194429351173","222854894970348738675069231279978299978","297146069882352317858577471029366203453","98431425343492209492766820924004133354","199630960619385935638029402700823898567","73700629884199838290981677003813377712","22403996456231067067373353180918568504","172690674056621477251797713009409836607","4221347786307635465166641377379055471","285450915834911359032022236539347136773","41532746424712481815439544814212771219","34071731460786003810796844937636205349","203970205104222824289053029742670162691","73223257631344278879274576330480665205"],"threshold":0.9},"target":{"file":"winpr/libwinpr/sspi/NTLM/ntlm_message.c"},"signature_type":"Line"}],"vanir_signatures_modified":"2026-04-11T22:57:11Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}]}