CVE-2020-11085: Out-of-bounds Read in FreeRDP
First published: Fri May 29 2020(Updated: )
In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeRDP FreeRDP | <2.1.0 | |
| openSUSE Leap | =15.1 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2020-11085.
What is the severity level of CVE-2020-11085?
CVE-2020-11085 has a severity level of medium.
What is the CWE ID associated with CVE-2020-11085?
The CWE ID associated with CVE-2020-11085 is CWE-125.
Which software versions are affected by CVE-2020-11085?
FreeRDP versions before 2.1.0, openSUSE Leap 15.1, and Debian Debian Linux 10.0 are affected by CVE-2020-11085.
How can I fix CVE-2020-11085?
To fix CVE-2020-11085, update FreeRDP to version 2.1.0 or a later release.
- collector/nvd-index
- collector/nvd-api
- agent/references
- agent/type
- agent/author
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/severity
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/freerdp
- canonical/freerdp freerdp
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0