{"id":"CVE-2020-11097","details":"In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.","aliases":["GHSA-c8x2-c3c9-9r3f"],"modified":"2026-05-18T18:26:32.519431Z","published":"2020-06-22T22:15:12.103Z","related":["ALSA-2021:1849","SUSE-SU-2020:2032-1","SUSE-SU-2020:2068-1","SUSE-SU-2020:2272-1","openSUSE-SU-2020:1090-1","openSUSE-SU-2024:10768-1"],"database_specific":{"unresolved_ranges":[{"cpes":["cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*","cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*"],"extracted_events":[{"last_affected":"18.04"},{"last_affected":"20.04"}],"source":"CPE_FIELD","vendor_product":"canonical:ubuntu_linux"},{"cpes":["cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"10.0"}],"source":"CPE_FIELD","vendor_product":"debian:debian_linux"},{"cpes":["cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"31"},{"last_affected":"32"}],"source":"CPE_FIELD","vendor_product":"fedoraproject:fedora"},{"cpes":["cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"],"extracted_events":[{"last_affected":"15.1"}],"source":"CPE_FIELD","vendor_product":"opensuse:leap"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"},{"type":"ADVISORY","url":"http://www.freerdp.com/2020/06/22/2_1_2-released"},{"type":"ADVISORY","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4481-1/"},{"type":"FIX","url":"https://github.com/FreeRDP/FreeRDP/commit/58a3122250d54de3a944c487776bcd4d1da4721e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freerdp/freerdp","events":[{"introduced":"0"},{"fixed":"584efae073386e8c5f6bc265b05c87d508a9bcbc"},{"fixed":"58a3122250d54de3a944c487776bcd4d1da4721e"}],"database_specific":{"source":["CPE_FIELD","REFERENCES"],"extracted_events":[{"introduced":"0"},{"fixed":"2.1.2"}],"cpe":"cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*"}}],"versions":["2.1.1","2.1.0","2.0.0","2.0.0-rc4","2.0.0-rc3","2.0.0-rc2","2.0.0-rc1","2.0.0-rc0","2.0.0-beta1+android11","2.0.0-beta1+android10","1.2.0-beta1+android9","1.2.0-beta1+android7","1.1.0-beta+2013071101","1.1.0-beta1+ios4","1.1.0-beta1+android5","1.1.0-beta1+android4","1.1.0-beta1+ios3","1.1.0-beta1+ios2","1.1.0-beta1+android3","1.1.0-beta1+android2","1.1.0-beta1+ios1","1.1.0-beta1","1.0.1","1.0.0","1.0-beta5","1.0-beta4","1.0-beta2","1.0-beta1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11097.json","vanir_signatures":[{"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","id":"CVE-2020-11097-212ea6e0","signature_type":"Function","digest":{"length":237,"function_hash":"57488475844778396462460790092864555790"},"target":{"file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c","function":"ntlm_av_pair_add_copy"},"signature_version":"v1","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","id":"CVE-2020-11097-272bcffb","signature_type":"Line","digest":{"line_hashes":["281199093337488200191958111791756366853","86361152385755966826729106938199490232","301258790964740342752047417413381409325","64871899050614241632329072053632383438","171629921269689412698261980165533363166","280985466425593815851120201738318197848","215031949970783615435428995198206216453","286438992864848406489036145044154905334","113752148089474114952837197080630701144","261104035268028934009696214851412871679","98989221216521820866967581278618381482","337742880902647651629047093659632208933","3334756412236517589181867201979733455","103245678047144842394138995286077424134","5166378531987869140672072634351512732","249200620952908277699102100906082171268","115587606294612258886551207392690826315","36484635899830625272804187925422326882","188107224532099152941644997882149622203","180995325117604890745894139970635283717","436036971502398700086804216155473821","13529482424500140519531356944398575912","136417555553341533743111632568764786077","239445366359930780630590472806495990522","132711345408900996857392493114575091850","295114563189248967616603163122388961511","242173724222210736403411708683860662329","330855163572209597226193036534035120791","91374909195604381407826664147616620024","96083745236847862914030290942849033056","22209690621860503893893589792044144381","57244532241024405700955981970156616836","57101202039700414667920455083041397523","313012558092589049358220648949321429457","245617393233253849284754177811591500060","69418438796879696461326147429630176135","150329480413620240615249325058868698542","115366925041650720317956991863994919354","271022599464925284833260632313878238678","313539118943810949408059871957705625692","337682998172270753137155573263664761500","136403229665872719211530308254949039834","192915648604426182295163500785957816589","71241307273316452603812038843946428292","6774316596784631972329756482198279032","107836011117986293807400463457708225656","55819068125011700510501495665340032292","201806937536850179500748766512066582561","61340727451805348634457892027747916553","206448064473308206000361481115046595942","253106058364440878946468316007062645472","149556273958818351783449250945774504637","163346887054405021868980364527044038797","281859025270304923139001026590981219081","111023201722658384554392286046801719828","208043048851928609541199680414385351849","194314692853375298167416266599964257412","330855163572209597226193036534035120791","133343078431817319198405452851395702822","92051402708876702855213372929775476882","20262677845246949811982578871421752273","30294040465972978337665516207326600302","100596151595386892808686808876444322873","218380447903229931902041113406121401348","79432236620937571761573377056172891904","5833464350851945518932825287130234697","165406605710286884109355416855268162045","316748516904409782601425098032849292255","325598333547243503755203230585074483313","232014736034377139483828393234310555034","47297651524244483785701207195065630951","125950940752756859446411444416177807277","66067983669307139571201381189351074732","262687917827257726382326812727132182398","151264887144978549018035186497608873800","245158052017045770391939370792141102474","202701610286915524349915576408099196539","290948123518871606490567816206993941126","212931074934022063009393948878372429454","42619806236160354111725301116625869093","15983919559890403491364002881865209377","28762489451009499044273910584057284010","197281290636470483770762266484523134261","151802289544448969219420074066886837252","274621551085559560253152700213456124964","98894975566764290785317935575630181502","253891738001197617345319286635477158345","10275772404493237892076057494046037714","323593557470075104773257748948920174739","286218120647365853809383241850110654331","271616553223947234689370643273736070232","204959245956919500000557698352923497727","79178136270752290869437934709439845435","35763561069686551401812316540218716048","155407727302030891086310250795867591593","6566944372441949601433236734745800993","216718548087427806829336023945031982278","264280864178669558664264134680070434906","24769221346687678975047931475780768468"],"threshold":0.9},"target":{"file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"},"signature_version":"v1","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","id":"CVE-2020-11097-2f586647","signature_type":"Function","digest":{"length":110,"function_hash":"175833565996496883529938700350850501450"},"target":{"file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c","function":"ntlm_av_pair_get_id"},"signature_version":"v1","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","id":"CVE-2020-11097-30d7ee78","signature_type":"Function","digest":{"length":2948,"function_hash":"108927781308684179934043214772713380729"},"target":{"file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c","function":"ntlm_construct_authenticate_target_info"},"signature_version":"v1","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","id":"CVE-2020-11097-57e5e340","signature_type":"Function","digest":{"length":152,"function_hash":"209799115003739236552117946340401257257"},"target":{"file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c","function":"ntlm_av_pair_check"},"signature_version":"v1","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","id":"CVE-2020-11097-79a17c93","signature_type":"Function","digest":{"length":245,"function_hash":"90441895559154137032814721709891955161"},"target":{"file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c","function":"ntlm_av_pair_next"},"signature_version":"v1","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","id":"CVE-2020-11097-8ea28a20","signature_type":"Function","digest":{"length":90,"function_hash":"215958110980277934940452342873429714093"},"target":{"file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c","function":"ntlm_av_pair_get_next_offset"},"signature_version":"v1","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","id":"CVE-2020-11097-ad3e0a61","signature_type":"Function","digest":{"length":110,"function_hash":"175833565996496883529938700350850501450"},"target":{"file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c","function":"ntlm_av_pair_get_len"},"signature_version":"v1","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","id":"CVE-2020-11097-dbb633d7","signature_type":"Function","digest":{"length":392,"function_hash":"292406813035899045056174170143961825560"},"target":{"file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c","function":"ntlm_av_pair_get"},"signature_version":"v1","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","id":"CVE-2020-11097-fd509f40","signature_type":"Function","digest":{"length":461,"function_hash":"227746966553372040698528109906061538220"},"target":{"file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c","function":"ntlm_print_av_pair_list"},"signature_version":"v1","deprecated":false}],"vanir_signatures_modified":"2026-05-18T18:26:32Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}]}