In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11039
Reference (s):
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
- SUSE:openSUSE-SU-2020:1090
- URL: http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00080.html