MiracleLinux 9 : freerdp-2.11.7-1.el9 (AXSA:2024-9208:05)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9208:05 advisory. freerdp: Integer Overflow leading to Heap Overflow in freerdpbitmapplanarcontextreset CVE-2024-22211 freerdp: out-of-bounds read in ncrushdecompress...

MiracleLinux 7 : freerdp-2.1.1-5.0.3.el7.AXS7 (AXSA:2025-9718:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-9718:01 advisory. FreeRDP is a fork of the rdesktop project. Security fixes: - CVE-2024-32458: fix missing input length checks - CVE-2024-32459: fix missing input...

TencentOS Server 4: freerdp (TSSA-2024:0137)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0137 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

RockyLinux 9 : freerdp (RLSA-2024:9092)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:9092 advisory. freerdp: Integer Overflow leading to Heap Overflow in freerdpbitmapplanarcontextreset CVE-2024-22211 freerdp: out-of-bounds read in ncrushdecompress...

USN-7341-1 freerdp2 vulnerabilities

Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2024-3203...

Linux Distros Unpatched Vulnerability : CVE-2024-32040

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connectio...

CVE-2024-32040

creationtimestamp| type| source ---|---|--- 2025-02-06 02:42:28+00:00| seen| Telegram/gpTaus-NnMuh4aRTNbk64fYFBsfp4KIqrW2Sce-wovE1NyT3...

Huawei EulerOS: Security Advisory for freerdp (EulerOS-SA-2025-1120)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

RHEL 9 : freerdp (RHSA-2024:9092)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:9092 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to R...

Fedora: Security Advisory (FEDORA-2024-050266dc33)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-982a7184e0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-1b11432d52)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2 : freerdp (ALAS-2024-2537)

The version of freerdp installed on the remote host is prior to 2.11.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2537 advisory. 2024-06-06: CVE-2024-32660 was added to this advisory. FreeRDP is a set of free and open source remote desktop protocol...

openSUSE Security Advisory (SUSE-SU-2024:1610-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED12 / SLES12 Security Update : freerdp (SUSE-SU-2024:1609-1)

The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1609-1 advisory. - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of...

SUSE-SU-2024:1609-1 Security update for freerdp

This update for freerdp fixes the following issues: - CVE-2024-32039: Fixed an out-of-bounds write with variables of type uint32 bsc1223293 - CVE-2024-32040: Fixed a integer underflow when using the 'NSC' codec bsc1223294 - CVE-2024-32041: Fixed an out-of-bounds read in StreamGetRemainingLength...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : FreeRDP vulnerabilities (USN-6749-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6749-1 advisory. It was discovered that FreeRDP incorrectly handled certain context resets. If a user were tricked into connecting to a malicious...

USN-6749-1: FreeRDP vulnerabilities

It was discovered that FreeRDP incorrectly handled certain context resets. If a user were tricked into connecting to a malicious server, a remote attacker could use this issue to cause FreeRDP to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2024-22211 Evgeny...

CVE-2024-32040 FreeRDP vulnerable to integer underflow in nsc_rle_decode

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the NSC codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not...

CVE-2024-32040

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the NSC codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not...