Home > Vulnerability Database > CVE-2020-11041

Mend Vulnerability Database

CVE-2020-11041

Good to know:

Date: May 29, 2020

In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0.

Language: C

Severity Score

2.7

Related Resources (5)

Url: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w

Url: https://security-tracker.debian.org/tracker/CVE-2020-11041

Url: http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-11041

Url: https://www.mend.io/vulnerability-database/CVE-2020-11041

Severity Score

2.7

Weakness Type (CWE)

Improper Validation of Array Index

CWE-129

Top Fix

Upgrade Version

Upgrade to version 2.1.0

Learn More

CVSS v3.1

Base Score:	2.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend Vulnerability Database

We found results for “”

CVE-2020-11041

Good to know:

Date: May 29, 2020

Language: C

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?