CVE-2024-32659

CVE-2024-32659

Name

CVE-2024-32659

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b
CONFIRM	https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w
MISC	https://oss-fuzz.com/testcase-detail/6156779722440704
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/
Third Party Advisory	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html

Type

URI

MISC

https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b

CONFIRM

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w

MISC

https://oss-fuzz.com/testcase-detail/6156779722440704

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html

CPE URI	Source package	Min version	Max version
	freerdp	>= 0	< 3.5.1

CPE URI

Source package

Min version

Max version

freerdp

>= 0

< 3.5.1

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
freerdp	edge-community	2.11.7-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	2.11.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	2.9.0-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	2.4.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	edge-community	2.2.0-r0	None	possibly vulnerable
freerdp	edge-community	2.1.2-r0	None	possibly vulnerable
freerdp	edge-community	2.0.0_rc4-r0	None	possibly vulnerable
freerdp	edge-community	2.0.0-r1	None	possibly vulnerable
freerdp	edge-community	2.0.0-r0	None	possibly vulnerable
freerdp	3.22-community	2.11.7-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
freerdp	3.22-community	2.11.5-r0	None	possibly vulnerable
freerdp	3.22-community	2.9.0-r0	None	possibly vulnerable
freerdp	3.22-community	2.4.1-r0	None	possibly vulnerable
freerdp	3.22-community	2.2.0-r0	None	possibly vulnerable
freerdp	3.22-community	2.1.2-r0	None	possibly vulnerable
freerdp	3.22-community	2.0.0_rc4-r0	None	possibly vulnerable
freerdp	3.22-community	2.0.0-r1	None	possibly vulnerable
freerdp	3.22-community	2.0.0-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages