CVE-2024-32458

CVE-2024-32458

Name

CVE-2024-32458

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support).

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/FreeRDP/FreeRDP/pull/10077
MISC	https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
MISC	https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
CONFIRM	https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vvr6-h646-mp4p
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html

Type

URI

MISC

https://github.com/FreeRDP/FreeRDP/pull/10077

MISC

https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6

MISC

https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0

CONFIRM

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vvr6-h646-mp4p

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html

CPE URI	Source package	Min version	Max version
	freerdp	>= 3.0.0	3.5.0
	freerdp	>= 0	< 2.11.6

CPE URI

Source package

Min version

Max version

freerdp

>= 3.0.0

3.5.0

freerdp

>= 0

< 2.11.6

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
freerdp	3.20-community	2.11.5-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.10.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.10.3-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.10.3-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.14.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.15.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.16.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.16.0-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	3.22-community	3.15.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.16.0-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.16.0-r3	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

freerdp

3.20-community

2.11.5-r1

Natanael Copa <ncopa@alpinelinux.org>

possibly vulnerable

freerdp

edge-community