CVE-2020-11041
2.2
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
Summary
In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, …). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| FreeRDP | FreeRDP | <= 2.0.0 | affected |
Weaknesses
- CWE-129: CWE-129: Improper Validation of Array Index
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
References
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.