Vulnerability Details CVE-2024-32658
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.8%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/
- https://oss-fuzz.com/testcase-detail/4852534033317888
- https://oss-fuzz.com/testcase-detail/6196819496337408
- https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2v
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/
- https://oss-fuzz.com/testcase-detail/4852534033317888
- https://oss-fuzz.com/testcase-detail/6196819496337408
Products affected by CVE-2024-32658
-
cpe:2.3:a:freerdp:freerdp:-
-
cpe:2.3:a:freerdp:freerdp:1.0.0
-
cpe:2.3:a:freerdp:freerdp:1.0.1
-
cpe:2.3:a:freerdp:freerdp:1.0.2
-
cpe:2.3:a:freerdp:freerdp:1.1.0
-
cpe:2.3:a:freerdp:freerdp:1.2.0
-
cpe:2.3:a:freerdp:freerdp:2.0.0
-
cpe:2.3:a:freerdp:freerdp:2.1.0
-
cpe:2.3:a:freerdp:freerdp:2.1.1
-
cpe:2.3:a:freerdp:freerdp:2.1.2
-
cpe:2.3:a:freerdp:freerdp:2.10.0
-
cpe:2.3:a:freerdp:freerdp:2.11.0
-
cpe:2.3:a:freerdp:freerdp:2.11.1
-
cpe:2.3:a:freerdp:freerdp:2.11.2
-
cpe:2.3:a:freerdp:freerdp:2.11.3
-
cpe:2.3:a:freerdp:freerdp:2.11.4
-
cpe:2.3:a:freerdp:freerdp:2.11.5
-
cpe:2.3:a:freerdp:freerdp:2.11.6
-
cpe:2.3:a:freerdp:freerdp:2.2.0
-
cpe:2.3:a:freerdp:freerdp:2.3.0
-
cpe:2.3:a:freerdp:freerdp:2.3.1
-
cpe:2.3:a:freerdp:freerdp:2.3.2
-
cpe:2.3:a:freerdp:freerdp:2.4.0
-
cpe:2.3:a:freerdp:freerdp:2.4.1
-
cpe:2.3:a:freerdp:freerdp:2.5.0
-
cpe:2.3:a:freerdp:freerdp:2.6.0
-
cpe:2.3:a:freerdp:freerdp:2.6.1
-
cpe:2.3:a:freerdp:freerdp:2.7.0
-
cpe:2.3:a:freerdp:freerdp:2.8.0
-
cpe:2.3:a:freerdp:freerdp:2.8.1
-
cpe:2.3:a:freerdp:freerdp:2.9.0
-
cpe:2.3:a:freerdp:freerdp:3.0.0
-
cpe:2.3:a:freerdp:freerdp:3.1.0
-
cpe:2.3:a:freerdp:freerdp:3.2.0
-
cpe:2.3:a:freerdp:freerdp:3.3.0
-
cpe:2.3:a:freerdp:freerdp:3.4.0
-
cpe:2.3:a:freerdp:freerdp:3.5.0
-
cpe:2.3:o:fedoraproject:fedora:38
-
cpe:2.3:o:fedoraproject:fedora:39
-
cpe:2.3:o:fedoraproject:fedora:40