{"id":"CVE-2020-11085","details":"In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0.","modified":"2026-04-16T04:34:07.350119342Z","published":"2020-05-29T20:15:10.670Z","related":["ALSA-2020:4647","GHSA-2j4w-v45m-95hf","SUSE-SU-2020:2032-1","SUSE-SU-2020:2068-1","SUSE-SU-2020:2272-1","openSUSE-SU-2020:1090-1"],"references":[{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html"},{"type":"FIX","url":"https://github.com/FreeRDP/FreeRDP/commit/b73143cf7ee5fe4cdabcbf56908aa15d8a883821"},{"type":"FIX","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freerdp/freerdp","events":[{"introduced":"0"},{"fixed":"11b9b1ca6be433f1da5bbf5e152d554d3eb67ac6"},{"fixed":"b73143cf7ee5fe4cdabcbf56908aa15d8a883821"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"2.1.0"}]}}],"versions":["1.0-beta1","1.0-beta2","1.0-beta4","1.0-beta5","1.0.0","1.0.1","1.1.0-beta+2013071101","1.1.0-beta1","1.1.0-beta1+android2","1.1.0-beta1+android3","1.1.0-beta1+android4","1.1.0-beta1+android5","1.1.0-beta1+ios1","1.1.0-beta1+ios2","1.1.0-beta1+ios3","1.1.0-beta1+ios4","1.2.0-beta1+android7","1.2.0-beta1+android9","2.0.0","2.0.0-beta1+android10","2.0.0-beta1+android11","2.0.0-rc0","2.0.0-rc1","2.0.0-rc2","2.0.0-rc3","2.0.0-rc4"],"database_specific":{"vanir_signatures":[{"id":"CVE-2020-11085-2400b53d","signature_version":"v1","deprecated":false,"target":{"file":"channels/cliprdr/cliprdr_common.c"},"digest":{"line_hashes":["71316678263115778470361329507058901950","63540122468191937103107350026873264224","311802106057008330910831195565484748179","88442219528543279340249984410341899042","236818773394248061081604530974740996276","188729803353912925768022284096116154610","293512685827824235715399093202038882692","303579114188168452838756809606480706429","179242171078527379441438291443595260482","302037644450793362830990252107106706781","146437598717710508212057032060629376952","235305518902367730881752776020597392161","50943607780670792684217141734050961231","123992897057392158834041219569317059238","40090623701415119895798417467188135203","286002698754695699978868173551371204746","302052338601759565961793481301062284411","277093999041538559639943319074156391720","277141907495603272338991899375378398784","142681840246704475630993268288687255286","80882954800859107975839822879316711483","242917856516449484351546313598304823768","90002681359153429517644005190282609344","270599820833287275900354347987663515905","69249738883686318625784588559319402728","140534088899720478760109524424776359714","6724464783301728266773941107946349830","68012983517036978521471149854357420895","190881312875784621904566973360819377987","290661054656205251552765610330640869365","236773350137408637406022177098079034092","161914990398887684308944318483944182596","28094127606236728584947771229130378881","261208175590299138782560971748175296319","198022217380900924977634518515279232974","143363212442148630519679484952946530092","1862429887198272228960351469094143062","320513254749327974737313484633090497241","61865209773854207088033365335746998841","85622312806252130597541212747606045509","242061107344308146823141931199971851084","154951889956189150162155649308559968549","333074141710635353878506192750459148821","42991730476459113061517562994418791933","73407017586669018435370851976057873903","274315285384316596409966189737972590473","253837040126099377684797670937259048718","134981268559330297806103413679847795898","43848114785217618350281904280907089912","156897186441098143467104864261377628438","13762095066347915966923166648613850754","98784604065071455925477951613183686823","178210971650513841795867552392509721741","239510412079081844005262062076557384060","97459586985064186049107643206241299674","109788831402041431437678269657099952938","112837127432810834075814414088636631573","82837114165069312548998727252748101455","140684051045228495882257140720527403055","29881999773071381577645871117215415039","65327241217629519474646358662864571792","242917856516449484351546313598304823768","90002681359153429517644005190282609344","270599820833287275900354347987663515905","69249738883686318625784588559319402728","140534088899720478760109524424776359714","237440932411539319025246595566403433322","237313903587175490261517822050382511294","40458288375686759039193567450145013751","13762095066347915966923166648613850754","98784604065071455925477951613183686823","283243182047922977302967365559067510904","166649452894050414951209799627045583941","233458237148110770808869733437285346947","264140427637266464769222973233060825673","155020585740210069062249668437140249077","279660447524612550405022729842507346376","86593094957984328246734838956643369060","114562740066795314256878973389545787428","137889393503785426591652500460413235763","196522287637891272989044520842238604457","87240964693278567559417378805484388620","160829556722421556631171694962899545382","299579115608152455135066254831344267687","18395718106416549509875697073289109413","338933464859641274762573489005231306344"],"threshold":0.9},"signature_type":"Line","source":"https://github.com/freerdp/freerdp/commit/b73143cf7ee5fe4cdabcbf56908aa15d8a883821"},{"id":"CVE-2020-11085-3c487e8d","signature_version":"v1","target":{"function":"cliprdr_read_format_list","file":"channels/cliprdr/cliprdr_common.c"},"digest":{"function_hash":"126903225979021343612758508297033349238","length":2709},"deprecated":false,"signature_type":"Function","source":"https://github.com/freerdp/freerdp/commit/b73143cf7ee5fe4cdabcbf56908aa15d8a883821"},{"id":"CVE-2020-11085-53068257","source":"https://github.com/freerdp/freerdp/commit/b73143cf7ee5fe4cdabcbf56908aa15d8a883821","signature_type":"Function","digest":{"function_hash":"286899962749782026485367568772545424260","length":252},"deprecated":false,"target":{"function":"cliprdr_free_format_list","file":"channels/cliprdr/cliprdr_common.c"},"signature_version":"v1"}],"vanir_signatures_modified":"2026-04-11T15:27:45Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"15.1"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11085.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}]}