oob read in `ntlm_read_AuthenticateMessage`

Low

bmiklautz published GHSA-84vj-g73m-chw7

May 29, 2020

Package

FreeRDP

Affected versions

<= 2.0.0

Patched versions

2.1.0

Description

Impact

Out of bound read in ntlm_read_AuthenticateMessage
All clients and servers using NTLM authentication are affected
Low impact due to a following check triggering an error

Patches

8241ab4 Fixed with 2.1.0 and newer

Workarounds

None

References

https://pub.freerdp.com/cve/CVE-2020-11087