FreeRDP Vulnerability: Out-of-Bounds Read in Legacy Clients
CVE-2024-32460

8.1HIGH

Key Information:

Vendor

Freerdp

Status
Freerdp
Vendor
CVE Published:
22 April 2024

What is CVE-2024-32460?

FreeRDP is an open-source implementation of the Remote Desktop Protocol that is vulnerable to an out-of-bounds read condition in clients that utilize the legacy GDI drawing path with the /bpp:32 option. This vulnerability affects FreeRDP versions earlier than 3.5.0 and 2.11.6. Users are encouraged to upgrade to these patched versions to mitigate the risk. Alternatively, employing modern drawing paths such as /rfx or /gfx can serve as a workaround, although this requires corresponding support from the server side.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FreeRDP >= 3.0.0, 3.5.0 >= 3.0.0, 3.5.0

FreeRDP < 2.11.6 < 2.11.6

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/pull/10077
x_refsource_MISC
https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.