FreeRDP vulnerable to out-of-bounds read
CVE-2024-32662
What is CVE-2024-32662?
FreeRDP, a widely used free implementation of the Remote Desktop Protocol, has a vulnerability that affects clients running versions before 3.5.1. This vulnerability arises from an out-of-bounds read flaw when WCHAR strings are incorrectly processed, being read at double their actual size and subsequently converted to UTF-8. This improper handling can expose sensitive information while comparing against the redirection server certificate. The issue was addressed in version 3.5.1, which includes a patch to mitigate this vulnerability. No workarounds are available for those still using the affected versions.
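The description above turns on a length-unit mismatch: a WCHAR string is measured in 2-byte units, so a converter handed a count twice as large reads past the end of the field. The following is an added example, not FreeRDP's code or its 3.5.1 patch; it assumes the doubled read comes from a byte length being passed where a unit count is expected, and every name in it (`utf16le_to_utf8`, `SAMPLE`, `demo_out`, the two caller functions) is hypothetical. It shows a UTF-16LE to UTF-8 converter that checks the requested unit count against the bytes actually available before reading anything.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a FreeRDP function): convert nchars UTF-16LE code
 * units from src, which holds src_bytes bytes, into NUL-terminated UTF-8.
 * Returns the UTF-8 length, or -1 on a bounds or encoding error. */
long utf16le_to_utf8(const uint8_t *src, size_t src_bytes, size_t nchars,
                     char *dst, size_t dst_cap)
{
    static const uint8_t lead[5] = { 0, 0, 0xC0, 0xE0, 0xF0 };
    size_t o = 0;
    /* nchars counts 2-byte units, src_bytes counts bytes: compare in units. */
    if (dst_cap == 0 || nchars > src_bytes / sizeof(uint16_t))
        return -1;
    for (size_t i = 0; i < nchars; i++) {
        uint32_t cp = (uint32_t)src[2 * i] | ((uint32_t)src[2 * i + 1] << 8);
        if (cp >= 0xD800 && cp <= 0xDBFF) {        /* high surrogate */
            if (i + 1 >= nchars) return -1;        /* pair would leave the field */
            uint32_t lo = (uint32_t)src[2 * i + 2] | ((uint32_t)src[2 * i + 3] << 8);
            if (lo < 0xDC00 || lo > 0xDFFF) return -1;
            cp = 0x10000 + ((cp - 0xD800) << 10) + (lo - 0xDC00);
            i++;
        } else if (cp >= 0xDC00 && cp <= 0xDFFF) {
            return -1;                             /* unpaired low surrogate */
        }
        size_t need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
        if (need >= dst_cap - o) return -1;        /* keep room for the NUL */
        if (need == 1) { dst[o++] = (char)cp; continue; }
        dst[o++] = (char)(lead[need] | (cp >> (6 * (need - 1))));
        for (size_t k = need - 1; k-- > 0; )
            dst[o++] = (char)(0x80 | ((cp >> (6 * k)) & 0x3F));
    }
    dst[o] = '\0';
    return (long)o;
}

/* Constructed sample: an 8-byte field holding "cert" in UTF-16LE. */
static const uint8_t SAMPLE[8] = { 'c', 0, 'e', 0, 'r', 0, 't', 0 };
char demo_out[32];
/* Caller that converts the byte length into a unit count first. */
long convert_with_unit_count(void)
{ return utf16le_to_utf8(SAMPLE, sizeof SAMPLE, sizeof SAMPLE / 2, demo_out, sizeof demo_out); }
/* Caller that passes the byte length as the unit count (a 2x read request). */
long convert_with_byte_count(void)
{ return utf16le_to_utf8(SAMPLE, sizeof SAMPLE, sizeof SAMPLE, demo_out, sizeof demo_out); }
int main(void)
{ printf("units: %ld, bytes-as-units: %ld\n", convert_with_unit_count(), convert_with_byte_count()); return 0; }
```

The doubled count is rejected before any byte is read, so the confused caller gets an error instead of adjacent memory folded into the converted string.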

Affected Version(s)
FreeRDP < 3.5.1
