{"id":"CVE-2020-11097","details":"In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2.","modified":"2026-04-02T02:09:56.543423Z","published":"2020-06-22T22:15:12.103Z","related":["ALSA-2021:1849","GHSA-c8x2-c3c9-9r3f","MGASA-2020-0297","SUSE-SU-2020:2032-1","SUSE-SU-2020:2068-1","SUSE-SU-2020:2272-1","openSUSE-SU-2020:1090-1","openSUSE-SU-2024:10768-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y35HBHG2INICLSGCIKNAR7GCXEHQACQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XOZLH35OJWIQLM7FYDXAP2EAUBDXE76V/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4481-1/"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"},{"type":"ADVISORY","url":"http://www.freerdp.com/2020/06/22/2_1_2-released"},{"type":"ADVISORY","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"},{"type":"FIX","url":"https://github.com/FreeRDP/FreeRDP/commit/58a3122250d54de3a944c487776bcd4d1da4721e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freerdp/freerdp","events":[{"introduced":"0"},{"fixed":"584efae073386e8c5f6bc265b05c87d508a9bcbc"},{"fixed":"58a3122250d54de3a944c487776bcd4d1da4721e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.2"}]}}],"versions":["1.0-beta1","1.0-beta2","1.0-beta3","1.0-beta4","1.0-beta5","1.0.0","1.0.1","1.0.2","1.0.2-rc1","1.0.2-rc2","1.1.0-beta+2013071101","1.1.0-beta1","1.1.0-beta1+android2","1.1.0-beta1+android3","1.1.0-beta1+android4","1.1.0-beta1+android5","1.1.0-beta1+ios1","1.1.0-beta1+ios2","1.1.0-beta1+ios3","1.1.0-beta1+ios4","1.2.0-beta1+android7","1.2.0-beta1+android9","2.0.0","2.0.0-beta1+android10","2.0.0-beta1+android11","2.0.0-rc0","2.0.0-rc1","2.0.0-rc2","2.0.0-rc3","2.0.0-rc4","2.1.0","2.1.1"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"20.04"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"vanir_signatures":[{"signature_type":"Function","id":"CVE-2020-11097-212ea6e0","deprecated":false,"digest":{"function_hash":"57488475844778396462460790092864555790","length":237},"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","target":{"function":"ntlm_av_pair_add_copy","file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"},"signature_version":"v1"},{"signature_type":"Line","id":"CVE-2020-11097-272bcffb","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["281199093337488200191958111791756366853","86361152385755966826729106938199490232","301258790964740342752047417413381409325","64871899050614241632329072053632383438","171629921269689412698261980165533363166","280985466425593815851120201738318197848","215031949970783615435428995198206216453","286438992864848406489036145044154905334","113752148089474114952837197080630701144","261104035268028934009696214851412871679","98989221216521820866967581278618381482","337742880902647651629047093659632208933","3334756412236517589181867201979733455","103245678047144842394138995286077424134","5166378531987869140672072634351512732","249200620952908277699102100906082171268","115587606294612258886551207392690826315","36484635899830625272804187925422326882","188107224532099152941644997882149622203","180995325117604890745894139970635283717","436036971502398700086804216155473821","13529482424500140519531356944398575912","136417555553341533743111632568764786077","239445366359930780630590472806495990522","132711345408900996857392493114575091850","295114563189248967616603163122388961511","242173724222210736403411708683860662329","330855163572209597226193036534035120791","91374909195604381407826664147616620024","96083745236847862914030290942849033056","22209690621860503893893589792044144381","57244532241024405700955981970156616836","57101202039700414667920455083041397523","313012558092589049358220648949321429457","245617393233253849284754177811591500060","69418438796879696461326147429630176135","150329480413620240615249325058868698542","115366925041650720317956991863994919354","271022599464925284833260632313878238678","313539118943810949408059871957705625692","337682998172270753137155573263664761500","136403229665872719211530308254949039834","192915648604426182295163500785957816589","71241307273316452603812038843946428292","6774316596784631972329756482198279032","107836011117986293807400463457708225656","55819068125011700510501495665340032292","201806937536850179500748766512066582561","61340727451805348634457892027747916553","206448064473308206000361481115046595942","253106058364440878946468316007062645472","149556273958818351783449250945774504637","163346887054405021868980364527044038797","281859025270304923139001026590981219081","111023201722658384554392286046801719828","208043048851928609541199680414385351849","194314692853375298167416266599964257412","330855163572209597226193036534035120791","133343078431817319198405452851395702822","92051402708876702855213372929775476882","20262677845246949811982578871421752273","30294040465972978337665516207326600302","100596151595386892808686808876444322873","218380447903229931902041113406121401348","79432236620937571761573377056172891904","5833464350851945518932825287130234697","165406605710286884109355416855268162045","316748516904409782601425098032849292255","325598333547243503755203230585074483313","232014736034377139483828393234310555034","47297651524244483785701207195065630951","125950940752756859446411444416177807277","66067983669307139571201381189351074732","262687917827257726382326812727132182398","151264887144978549018035186497608873800","245158052017045770391939370792141102474","202701610286915524349915576408099196539","290948123518871606490567816206993941126","212931074934022063009393948878372429454","42619806236160354111725301116625869093","15983919559890403491364002881865209377","28762489451009499044273910584057284010","197281290636470483770762266484523134261","151802289544448969219420074066886837252","274621551085559560253152700213456124964","98894975566764290785317935575630181502","253891738001197617345319286635477158345","10275772404493237892076057494046037714","323593557470075104773257748948920174739","286218120647365853809383241850110654331","271616553223947234689370643273736070232","204959245956919500000557698352923497727","79178136270752290869437934709439845435","35763561069686551401812316540218716048","155407727302030891086310250795867591593","6566944372441949601433236734745800993","216718548087427806829336023945031982278","264280864178669558664264134680070434906","24769221346687678975047931475780768468"]},"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","target":{"file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"},"signature_version":"v1"},{"signature_type":"Function","id":"CVE-2020-11097-2f586647","deprecated":false,"digest":{"function_hash":"175833565996496883529938700350850501450","length":110},"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","target":{"function":"ntlm_av_pair_get_id","file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"},"signature_version":"v1"},{"signature_type":"Function","id":"CVE-2020-11097-30d7ee78","deprecated":false,"digest":{"function_hash":"108927781308684179934043214772713380729","length":2948},"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","target":{"function":"ntlm_construct_authenticate_target_info","file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"},"signature_version":"v1"},{"signature_type":"Function","id":"CVE-2020-11097-57e5e340","deprecated":false,"digest":{"function_hash":"209799115003739236552117946340401257257","length":152},"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","target":{"function":"ntlm_av_pair_check","file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"},"signature_version":"v1"},{"signature_type":"Function","id":"CVE-2020-11097-79a17c93","deprecated":false,"digest":{"function_hash":"90441895559154137032814721709891955161","length":245},"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","target":{"function":"ntlm_av_pair_next","file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"},"signature_version":"v1"},{"signature_type":"Function","id":"CVE-2020-11097-8ea28a20","deprecated":false,"digest":{"function_hash":"215958110980277934940452342873429714093","length":90},"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","target":{"function":"ntlm_av_pair_get_next_offset","file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"},"signature_version":"v1"},{"signature_type":"Function","id":"CVE-2020-11097-ad3e0a61","deprecated":false,"digest":{"function_hash":"175833565996496883529938700350850501450","length":110},"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","target":{"function":"ntlm_av_pair_get_len","file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"},"signature_version":"v1"},{"signature_type":"Function","id":"CVE-2020-11097-dbb633d7","deprecated":false,"digest":{"function_hash":"292406813035899045056174170143961825560","length":392},"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","target":{"function":"ntlm_av_pair_get","file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"},"signature_version":"v1"},{"signature_type":"Function","id":"CVE-2020-11097-fd509f40","deprecated":false,"digest":{"function_hash":"227746966553372040698528109906061538220","length":461},"source":"https://github.com/freerdp/freerdp/commit/58a3122250d54de3a944c487776bcd4d1da4721e","target":{"function":"ntlm_print_av_pair_list","file":"winpr/libwinpr/sspi/NTLM/ntlm_av_pairs.c"},"signature_version":"v1"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11097.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"}]}