Lucene search

K

[email protected]NVD:CVE-2024-32660

HistoryApr 23, 2024 - 8:15 p.m.

CVE-2024-32660

2024-04-2320:15:07

CWE-770

[email protected]

web.nvd.nist.gov

1

freerdp

remote desktop protocol

version 3.5.1

patch

malicious server

crash

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

References

github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47

github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx

lists.fedoraproject.org/archives/list/[email protected]/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/

lists.fedoraproject.org/archives/list/[email protected]/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/

lists.fedoraproject.org/archives/list/[email protected]/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/

lists.fedoraproject.org/archives/list/[email protected]/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/

oss-fuzz.com/testcase-detail/5559242514825216

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.4%

Related for NVD:CVE-2024-32660

cve1 osv3 ubuntucve1 veracode1 cvelist1 vulnrichment1 debiancve1 wolfi1 redhatcve1 cgr1 nessus11 ubuntu2 openvas7 amazon1 fedora4