Vulnerability Description
In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freerdp | Freerdp | < 2.1.0 |
| Opensuse | Leap | 15.1 |
| Debian | Debian Linux | 10.0 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.htmlThird Party Advisory
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9wThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.htmlMailing ListThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.htmlThird Party Advisory
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9wThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2023/10/msg00008.htmlMailing ListThird Party Advisory
FAQ
What is CVE-2020-11041?
CVE-2020-11041 is a vulnerability with a CVSS score of 2.2 (LOW). In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash...
How severe is CVE-2020-11041?
CVE-2020-11041 has been rated LOW with a CVSS base score of 2.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11041?
Check the references section above for vendor advisories and patch information. Affected products include: Freerdp Freerdp, Opensuse Leap, Debian Debian Linux.