#VU28507 Improper Validation of Array Index in FreeRDP - CVE-2020-11041

Cybersecurity Help s.r.o.

Published: 2020-06-02

Vulnerability identifier: #VU28507

Vulnerability risk: Low

CVSSv4.0: 0.5 [CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2020-11041

CWE-ID: CWE-129

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
FreeRDP
Universal components / Libraries / Libraries used by multiple products

Vendor: FreeRDP

Description

The vulnerability allows a remote user to perform a denal of service (DoS) attack.

The vulnerability exists due to unchecked read of array offset in "rdpsnd_recv_wave2_pdu". A remote administrator can crash the client instance followed by no or distorted sound or a session disconnect.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

FreeRDP: 1.0 beta1 - 2.0.0

External links
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Anolis OS update for freerdp (Anolis OS 8.4)

Red Hat Enterprise Linux 8 update for freerdp and vinagre

Red Hat Enterprise Linux 7 update for freerdp

OpenSUSE Linux update for freerdp

Multiple vulnerabilities in FreeRDP