CVE-2020-11085 — Out-of-bounds Read in Freerdp

CWE-125 — Out-of-bounds Read CWE-805 — Buffer Access with Incorrect Length Value10 documents6 sources

Severity

3.5LOWNVD

CNA2.6

EPSS

0.1%

top 69.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Freerdp Debian Linux Opensuse Leap

Timeline

PublishedMay 29

Latest updateJun 4

Description

In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:LExploitability: 2.1 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5freerdp/freerdp< 2.1.0

▶NVDfreerdp/freerdp< 2.1.0

▶NVDopensuse/leap15.1

Also affects: Debian Linux 10.0

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Out-of-bounds Read in FreeRDP↗2020-05-29

▶

OSV

CVE-2020-11085: In FreeRDP before 2↗2020-05-29

▶

📋Vendor Advisories

Red Hat

freerdp: out-of-bounds read in cliprdr_read_format_list function↗2020-05-29

▶

Debian

CVE-2020-11085: freerdp2 - In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_l...↗2020

▶

💬Community

Bugzilla

CVE-2020-11085 freerdp: out-of-bounds read in cliprdr_read_format_list function [epel-6]↗2020-06-04

▶

Bugzilla

CVE-2020-11085 freerdp1.2: freerdp: out-of-bounds read in cliprdr_read_format_list function [epel-7]↗2020-06-04

▶

Bugzilla

CVE-2020-11085 freerdp: out-of-bounds read in cliprdr_read_format_list function [fedora-all]↗2020-06-04

▶

Bugzilla

CVE-2020-11085 freerdp: out-of-bounds read in cliprdr_read_format_list function↗2020-06-04

▶

Bugzilla

CVE-2020-11085 freerdp1.2: freerdp: out-of-bounds read in cliprdr_read_format_list function [fedora-all]↗2020-06-04

▶