CVE-2020-11041

In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0.
Configurations

Configuration 1 (hide)

cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

21 Nov 2024, 04:56

Type Values Removed Values Added
References () http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html - Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html - Third Party Advisory
References () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w - Third Party Advisory () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w - Third Party Advisory
References () https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory () https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory
CVSS v2 : 4.0
v3 : 2.7
v2 : 4.0
v3 : 2.2

24 Oct 2023, 15:30

Type Values Removed Values Added
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory
First Time Debian debian Linux
Debian

07 Oct 2023, 21:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html -

Information

Published : 2020-05-29 19:15

Updated : 2024-11-21 04:56


NVD link : CVE-2020-11041

Mitre link : CVE-2020-11041

CVE.ORG link : CVE-2020-11041


JSON object : View

Products Affected

freerdp

  • freerdp

debian

  • debian_linux

opensuse

  • leap
CWE
CWE-129

Improper Validation of Array Index