Lowbmiklautz

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 2.1.0 **Description** The issue is related to an out-of-bound read in the `ntlm read ntlm v2 client challenge` function, which reads up to 28 bytes out-of-bound to an internal structure. **Recommendations** For versions prior to 2.1.0, update to version 2.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the `ntlm read ntlm v2 client challenge` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 2.1.0 **Description** The issue is related to an out-of-bound read in irp functions, specifically in `parallel process irp create`, `serial process irp create`, `drive process irp write`, `printer process irp write`, `rdpei recv pdu`, and `serial process irp write`. This can potentially allow a remote attacker to impact the confidentiality, integrity, and availability of protected information. **Recommendations** For FreeRDP versions prior to 2.1.0, update to version 2.1.0 to resolve the issue. As a temporary workaround, consider disabling the affected irp functions until a patch is available. Restrict access to the vulnerable components to minimize the risk of exploitation. Avoid using the vulnerable functions in the affected versions until the issue is resolved.