{"id":"CVE-2020-11048","details":"In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.","modified":"2026-04-16T04:33:18.448872970Z","published":"2020-05-07T20:15:12.190Z","related":["ALSA-2020:4647","GHSA-hv8w-f2hx-5gcv"],"references":[{"type":"ADVISORY","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00054.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4379-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4382-1/"},{"type":"FIX","url":"https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b"},{"type":"EVIDENCE","url":"https://github.com/FreeRDP/FreeRDP/issues/6007"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freerdp/freerdp","events":[{"introduced":"41558e4bd6982d508914a4f7b8278615aef1ad9e"},{"fixed":"5ab2bed8749747b8e4b2ed431fd102bc726be684"},{"fixed":"9301bfe730c66180263248b74353daa99f5a969b"}],"database_specific":{"versions":[{"introduced":"1.0.0"},{"fixed":"2.0.0"}]}}],"versions":["1.0.0","1.0.1","1.1.0-beta+2013071101","1.1.0-beta1","1.1.0-beta1+android2","1.1.0-beta1+android3","1.1.0-beta1+android4","1.1.0-beta1+android5","1.1.0-beta1+ios1","1.1.0-beta1+ios2","1.1.0-beta1+ios3","1.1.0-beta1+ios4","1.2.0-beta1+android7","1.2.0-beta1+android9","2.0.0-beta1+android10","2.0.0-beta1+android11","2.0.0-rc0","2.0.0-rc1","2.0.0-rc2","2.0.0-rc3","2.0.0-rc4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11048.json","vanir_signatures":[{"source":"https://github.com/freerdp/freerdp/commit/9301bfe730c66180263248b74353daa99f5a969b","digest":{"line_hashes":["207429656706164102241487631562483150029","160855080664251780381481586080853864901","154885552725460857237536460462182944693","137057464677447681206941812240827118785","32295946583092472538359192469478828536","321372003978442485465940049287753759811","216921153728238413575242304750854591780","38875084919739579481613197757861568556","118561823448347427604167643302528317857","292472648421618007499905275026224403579","317732064566241796915465113736984441406","98157166811211554842277494294033859482","47941600866532899626019413840293649997","62939521881066200903176165356806219545","27153392002938309650351908206670068486","283916547381700756117322821801398420653","209164361606408300950742918944485243074","57575724307848464601797478208096395553","338337927889444028183686346156617123270","311237343593635781337249021078482090784","40462881911335299008014078733993203247","68994376286147872910360229220873259454","282421208566998820852813773342451338942","210270803240117053624892680821376108836","307702040889948171696836427772694830619","13203243765912103200161466416761043701","311187427636141256049992373679639626920","65135545341835649320137112016788135621","154732157098890341529156619661194609155","73836614939723900056058415358720293146","292666546406820945978137218300693290034","280142105074687418923488907376707508658","19762445729772959933679794093234719576","166754698775780058285793362753199756442","268535692083178538713232645312179518176"],"threshold":0.9},"signature_version":"v1","id":"CVE-2020-11048-4f9ac9d6","deprecated":false,"signature_type":"Line","target":{"file":"libfreerdp/core/rdp.c"}},{"source":"https://github.com/freerdp/freerdp/commit/9301bfe730c66180263248b74353daa99f5a969b","digest":{"function_hash":"140329716457334555727175628405082761095","length":461},"signature_version":"v1","id":"CVE-2020-11048-c50e58a0","deprecated":false,"signature_type":"Function","target":{"function":"rdp_read_share_control_header","file":"libfreerdp/core/rdp.c"}},{"deprecated":false,"source":"https://github.com/freerdp/freerdp/commit/9301bfe730c66180263248b74353daa99f5a969b","target":{"function":"rdp_read_flow_control_pdu","file":"libfreerdp/core/rdp.c"},"signature_version":"v1","id":"CVE-2020-11048-c72a53b9","signature_type":"Function","digest":{"function_hash":"322073029365240409201041536492797667931","length":191}}],"vanir_signatures_modified":"2026-04-11T09:46:16Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"19.10"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L"}]}