9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.8%
FreeRDP is a collection of remote desktop protocol library and client software that is both free and open source. An integer overflow within freerdp_bitmap_planar_context_reset results in a heap-buffer overflow. This impacts clients built on FreeRDP. However, server implementations and proxies based on FreeRDP are unaffected. A malevolent server could create a RDPGFX_RESET_GRAPHICS_PDU to allocate buffers that are too small, potentially causing subsequent out-of-bounds reads/writes. It’s important to note that data extraction over the network is not feasible; these buffers are utilized solely for displaying images.
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
bugzilla.redhat.com/show_bug.cgi?id=2259483
github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff
github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9
github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59
nvd.nist.gov/vuln/detail/CVE-2024-22211
www.cve.org/CVERecord?id=CVE-2024-22211
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
29.8%