
Out-of-bounds (OOB) read in `ntlm_read_ntlm_v2_response`

Low
bmiklautz published GHSA-fg8v-w34r-c974 May 29, 2020

Package

FreeRDP

Affected versions

<= 2.0.0

Patched versions

2.1.0

Description

Impact

  • An out-of-bounds read in `ntlm_read_ntlm_v2_client_challenge` reads up to 28 bytes out of bounds into an internal structure.
  • Affects all clients and servers using NTLM authentication.
  • Impact is low because a subsequent check is triggered and further processing of the data is aborted.
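
A bug of this kind is prevented by checking the remaining input length before any fixed-size field is read. The parser below is an added example, not FreeRDP's code or its actual patch: it assumes the fixed part of the NTLMv2 client challenge is the 28-byte layout defined in MS-NLMP (which matches the 28 bytes named above), and `rd_t`, `v2_client_challenge_t` and `parse_v2_client_challenge` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical reader and struct for this example; not FreeRDP's own types. */
typedef struct { const uint8_t *p; size_t left; } rd_t;

typedef struct {
    uint8_t  resp_type, hi_resp_type;
    uint16_t reserved1;
    uint32_t reserved2;
    uint8_t  timestamp[8], client_challenge[8];
    uint32_t reserved3;
    const uint8_t *av_pairs;    /* variable-length tail, points into the input */
    size_t   av_pairs_len;
} v2_client_challenge_t;

#define V2_FIXED_LEN 28u        /* 1 + 1 + 2 + 4 + 8 + 8 + 4 bytes */

static uint32_t le32(const uint8_t *b) {
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Returns 0 on success, -1 if the input cannot hold the fixed-size fields. */
int parse_v2_client_challenge(rd_t *r, v2_client_challenge_t *out) {
    if (r->left < V2_FIXED_LEN)
        return -1;              /* reject before touching any field; reader unchanged */
    const uint8_t *h = r->p;
    out->resp_type    = h[0];
    out->hi_resp_type = h[1];
    out->reserved1    = (uint16_t)(h[2] | h[3] << 8);
    out->reserved2    = le32(h + 4);
    memcpy(out->timestamp, h + 8, 8);
    memcpy(out->client_challenge, h + 16, 8);
    out->reserved3    = le32(h + 24);
    out->av_pairs     = h + V2_FIXED_LEN;
    out->av_pairs_len = r->left - V2_FIXED_LEN;
    r->p += r->left; r->left = 0;   /* everything after the fixed part is AV pairs */
    return 0;
}

int main(void) {
    uint8_t msg[32] = { 1, 1 }; /* constructed input: 28 fixed bytes + 4 tail bytes */
    v2_client_challenge_t c;
    rd_t ok = { msg, sizeof msg }, cut = { msg, 27 };
    printf("full: %d, truncated: %d\n", parse_v2_client_challenge(&ok, &c), parse_v2_client_challenge(&cut, &c));
    return 0;
}
```
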

Patches

Upgrade to 2.1.0 or newer

References

Severity

Low

CVE ID

CVE-2020-11086

Weaknesses

No CWEs