CVE-2024-32459

CVE-2024-32459

Name

CVE-2024-32459

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/FreeRDP/FreeRDP/pull/10077
MISC	https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
MISC	https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
CONFIRM	https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html

Type

URI

MISC

https://github.com/FreeRDP/FreeRDP/pull/10077

MISC

https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6

MISC

https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0

CONFIRM

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html

CPE URI	Source package	Min version	Max version
	freerdp	>= 3.0.0	3.5.0
	freerdp	>= 0	< 2.11.6

CPE URI

Source package

Min version

Max version

freerdp

>= 3.0.0

3.5.0

freerdp

>= 0

< 2.11.6

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
freerdp	edge-community	3.20.2-r0	Lindsay Zhou <i@lin.moe>	possibly vulnerable
freerdp	edge-community	3.20.0-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.20.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.18.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.16.0-r3	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.16.0-r2	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.16.0-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.16.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.15.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.14.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.10.3-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.10.3-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	3.10.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	2.11.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	2.9.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	2.4.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	2.2.0-r0	None	possibly vulnerable
freerdp	edge-community	2.1.2-r0	None	possibly vulnerable
freerdp	edge-community	2.0.0_rc4-r0	None	possibly vulnerable
freerdp	edge-community	2.0.0-r1	None	possibly vulnerable
freerdp	edge-community	2.0.0-r0	None	possibly vulnerable
freerdp	3.23-community	3.18.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	3.22-community	3.15.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	3.22-community	2.11.5-r0	None	possibly vulnerable
freerdp	3.22-community	2.9.0-r0	None	possibly vulnerable
freerdp	3.22-community	2.4.1-r0	None	possibly vulnerable
freerdp	3.22-community	2.2.0-r0	None	possibly vulnerable
freerdp	3.22-community	2.1.2-r0	None	possibly vulnerable
freerdp	3.22-community	2.0.0_rc4-r0	None	possibly vulnerable
freerdp	3.22-community	2.0.0-r1	None	possibly vulnerable
freerdp	3.22-community	2.0.0-r0	None	possibly vulnerable
freerdp	3.20-community	2.11.5-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages