CVE-2024-22211

Name
CVE-2024-22211
Description
FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.
NVD Severity
low
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff
MISC https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9
CONFIRM https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59
security-advisories@github.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44VOA5KQQT7KQPW7CLST4Y4SQTKK3IOU/
security-advisories@github.com https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PIQE3YSPOJPAUS7DPWIBTR5IQSQX35VM/
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:* freerdp >= 3.0.0 < 3.2.0
freerdp >= 0 < 2.11.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
freerdp2 edge-community 2.11.5-r0 None fixed
freerdp2 3.22-community 2.11.5-r0 None fixed
freerdp edge-community 2.11.5-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
freerdp edge-community 2.9.0-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 2.4.1-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
freerdp edge-community 2.2.0-r0 None possibly vulnerable
freerdp edge-community 2.1.2-r0 None possibly vulnerable
freerdp edge-community 2.0.0_rc4-r0 None possibly vulnerable
freerdp edge-community 2.0.0-r1 None possibly vulnerable
freerdp edge-community 2.0.0-r0 None possibly vulnerable
freerdp 3.22-community 2.11.5-r0 None fixed
freerdp 3.22-community 2.9.0-r0 None possibly vulnerable
freerdp 3.22-community 2.4.1-r0 None possibly vulnerable
freerdp 3.22-community 2.2.0-r0 None possibly vulnerable
freerdp 3.22-community 2.1.2-r0 None possibly vulnerable
freerdp 3.22-community 2.0.0_rc4-r0 None possibly vulnerable
freerdp 3.22-community 2.0.0-r1 None possibly vulnerable
freerdp 3.22-community 2.0.0-r0 None possibly vulnerable
freerdp 3.21-community 2.11.5-r0 None fixed
freerdp 3.20-community 2.11.5-r0 None fixed
freerdp 3.19-community 2.11.5-r0 Natanael Copa <ncopa@alpinelinux.org> fixed