FreeRDP Vulnerability Affects Clients Prior to Version 3.5.1
CVE-2024-32658

9.8CRITICAL

Key Information:

Vendor

Freerdp

Status
Freerdp
Vendor
CVE Published:
23 April 2024

What is CVE-2024-32658?

The vulnerability in FreeRDP, a widely used free implementation of the Remote Desktop Protocol, affects versions prior to 3.5.1. It enables an out-of-bounds read condition that could allow attackers to access sensitive data from memory. This issue poses a significant security risk, as it could be exploited to reveal confidential information handled by the FreeRDP client. To mitigate this risk, users are advised to upgrade to version 3.5.1, which includes a patch addressing the vulnerability. As of now, there are no known workarounds available for those still using vulnerable versions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FreeRDP < 3.5.1

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028...
x_refsource_MISC
https://oss-fuzz.com/testcase-detail/4852534033317888
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.