CVE-2020-11041
Severity: LOW
FreeRDP <= 2.0.0 - Denial of Service via Unchecked Array Index in Sound Backend Configuration
Title source: llm
Description
In FreeRDP versions less than or equal to 2.0.0, an outside-controlled array index is used unchecked for data used as configuration for the sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance, followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0.
References (3)
Core References
Third Party Advisory vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2023/10/msg00008.html
Third Party Advisory
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
Scores
CVSS v3: 2.2
EPSS: 0.0017
EPSS Percentile: 38.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
Details
CWE: CWE-129
Status: published
Products (3)
debian/debian_linux: 10.0
freerdp/freerdp: < 2.1.0
opensuse/leap: 15.1
Published: May 29, 2020
Tracked Since: Feb 18, 2026