CVE-2020-11041

EPSS 0.17%
Published 29.05.2020 19:15:10
Last modified 21.11.2024 04:56:39
Source security-advisories@github.com
Teams watchlist Login
Open Login

In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Freerdp ≫ Freerdp Version < 2.1.0

Opensuse ≫ Leap Version15.1

Debian ≫ Debian Linux Version10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.17%	0.354

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	2.7	1.2	1.4	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P
security-advisories@github.com	2.2	0.7	1.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html

Third Party Advisory

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-11041

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-11041

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-11041

EUVD