vulnerability
CentOS Linux: CVE-2020-11041: Moderate: freerdp security, bug fix, and enhancement update (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:N/A:P) | May 29, 2020 | Oct 1, 2020 | May 25, 2023 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:N/A:P)
Published
May 29, 2020
Added
Oct 1, 2020
Modified
May 25, 2023
Description
In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0.
Solutions
centos-upgrade-freerdpcentos-upgrade-freerdp-debuginfocentos-upgrade-freerdp-debugsourcecentos-upgrade-freerdp-develcentos-upgrade-freerdp-libscentos-upgrade-freerdp-libs-debuginfocentos-upgrade-libwinprcentos-upgrade-libwinpr-debuginfocentos-upgrade-libwinpr-develcentos-upgrade-vinagrecentos-upgrade-vinagre-debuginfocentos-upgrade-vinagre-debugsource
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.