Unchecked read of array offset in rdpsnd_recv_wave2_pdu

Low
bmiklautz published GHSA-w67c-26c4-2h9w May 29, 2020

Package

freerdp

Affected versions

<= 2.0.0

Patched versions

2.1.0

Description

Impact

  • All FreeRDP clients on all platforms
  • An externally controlled array index is used unchecked for data used as configuration for the sound backend (alsa, oss, pulse, ...)
  • The most likely outcome is a crash of the client instance, followed by no or distorted sound or a session disconnect
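
The bounds check this class of bug calls for, shown as an added example that is not FreeRDP's code or the 2.1.0 patch. The message layout, types and function names below are hypothetical, and the sample data is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical format table entry and session state (not FreeRDP's types). */
typedef struct { uint16_t channels; uint32_t rate; uint16_t bits; } audio_format;
typedef struct { const audio_format *formats; size_t num_formats; } snd_session;

/* Read a little-endian u16 only if both bytes lie inside the buffer. */
static int read_u16(const uint8_t *buf, size_t len, size_t off, uint16_t *out)
{
    if (off > len || len - off < 2)
        return 0;
    *out = (uint16_t)(buf[off] | (buf[off + 1] << 8));
    return 1;
}

/* Constructed body layout: [timestamp u16][format index u16][audio data...].
 * Returns NULL rather than indexing the table when the body is too short
 * or the server-supplied index is outside the negotiated formats. */
const audio_format *select_wave_format(const snd_session *s,
                                       const uint8_t *body, size_t len)
{
    uint16_t timestamp, index;
    if (!s || !s->formats || !body)
        return NULL;
    if (!read_u16(body, len, 0, &timestamp) || !read_u16(body, len, 2, &index))
        return NULL;
    if (index >= s->num_formats)  /* bounds check on the untrusted index */
        return NULL;
    return &s->formats[index];
}

int main(void)
{
    /* Constructed sample data: two negotiated formats, three message bodies. */
    const audio_format table[] = { {2, 44100, 16}, {1, 22050, 8} };
    const snd_session s = { table, 2 };
    const uint8_t valid[] = { 0x10, 0x00, 0x01, 0x00, 0xAA, 0xBB };
    const uint8_t out_of_range[] = { 0x10, 0x00, 0xFF, 0xFF, 0xAA };
    const uint8_t truncated[] = { 0x10, 0x00, 0x01 };
    const uint8_t *msgs[] = { valid, out_of_range, truncated };
    const size_t lens[] = { sizeof valid, sizeof out_of_range, sizeof truncated };
    for (size_t i = 0; i < 3; i++) {
        const audio_format *f = select_wave_format(&s, msgs[i], lens[i]);
        printf("message %zu: %s\n", i, f ? "format selected" : "rejected, drop PDU");
    }
    return 0;
}
```

A caller that receives NULL should discard the message before any backend configuration is derived from it.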

Patches

2.1.0

Workarounds

Disable sound for the session

References

Severity

Low

CVE ID

CVE-2020-11041

Weaknesses

No CWEs