CVE-2020-11041 Information

Description

In FreeRDP versions less than or equal to 2.0.0, an externally controlled array index is used unchecked for data used as configuration for the sound backend (alsa, oss, pulse, …). The most likely outcome is a crash of the client instance, followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L

Reference

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

Base Score

2.7

Base Severity

LOW
