In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html | Third Party Advisory |
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html | Mailing List Third Party Advisory |
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html | Third Party Advisory |
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html | Mailing List Third Party Advisory |
Configurations
History
21 Nov 2024, 04:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html - Third Party Advisory | |
References | () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w - Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 2.2 |
24 Oct 2023, 15:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html - Mailing List, Third Party Advisory | |
First Time |
Debian debian Linux
Debian |
07 Oct 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-05-29 19:15
Updated : 2024-11-21 04:56
NVD link : CVE-2020-11041
Mitre link : CVE-2020-11041
CVE.ORG link : CVE-2020-11041
JSON object : View
Products Affected
freerdp
- freerdp
debian
- debian_linux
opensuse
- leap
CWE
CWE-129
Improper Validation of Array Index