FreeRDP Vulnerability Affects Clients and Servers Prior to 3.5.0 and 2.11.6
CVE-2024-32459

9.8CRITICAL

Key Information:

Vendor: Freerdp
Status: Freerdp
Vendor: CVE Published:; 22 April 2024

Badges

👾 Exploit Exists🟣 EPSS 10%

What is CVE-2024-32459?

FreeRDP, a widely-used implementation of the Remote Desktop Protocol, has an out-of-bounds read vulnerability that affects versions prior to 3.5.0 and 2.11.6. This vulnerability can potentially allow unauthorized information disclosure through improper handling of input. Users and organizations utilizing versions before the patched releases must take caution as no workarounds are available. It is crucial for users to update to the fixed versions 3.5.0 or 2.11.6 to mitigate potential risks associated with this vulnerability.

Affected Version(s)

FreeRDP >= 3.0.0, 3.5.0 >= 3.0.0, 3.5.0

FreeRDP < 2.11.6 < 2.11.6

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/FreeRDP/FreeRDP/pull/10077

x_refsource_MISC

https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6

x_refsource_MISC

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 22, 2024
👾
Exploit known to exist
May 22, 2024
Vulnerability published
Apr 22, 2024
Vulnerability Reserved
Apr 12, 2024

JSON

Freerdp

Badges

What is CVE-2024-32459?

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline