CVSS3: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS: 0.0004 Low (Percentile: 10.4%)

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP-based clients prior to version 3.5.1 are vulnerable to an out-of-bounds read. This occurs when a WCHAR string is read with twice the size it has and converted to UTF-8, base64 decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

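The size confusion described above, as an added example that is not FreeRDP's code: it assumes the over-read comes from passing a byte length where a count of 2-byte code units is expected, and shows the bounds check and unit conversion that prevent it. All function names and the sample buffer are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper, not FreeRDP's API: converts `units` UTF-16LE code units
 * (BMP only) from buf (`avail` bytes) to NUL-terminated UTF-8; -1 on error. */
static int utf16le_to_utf8(const uint8_t *buf, size_t avail, size_t units,
                           char *out, size_t cap)
{
    size_t o = 0;
    if (cap == 0 || units > avail / 2) /* units * 2 bytes must fit in avail */
        return -1;
    for (size_t i = 0; i < units; i++) {
        uint32_t c = (uint32_t)buf[2 * i] | ((uint32_t)buf[2 * i + 1] << 8);
        size_t n = c < 0x80 ? 1 : c < 0x800 ? 2 : 3;
        if ((c >= 0xD800 && c <= 0xDFFF) || o + n >= cap)
            return -1; /* surrogates not handled here; keep room for the NUL */
        if (n == 1) { out[o++] = (char)c; continue; }
        out[o++] = (char)(n == 2 ? 0xC0 | (c >> 6) : 0xE0 | (c >> 12));
        if (n == 3) out[o++] = (char)(0x80 | ((c >> 6) & 0x3F));
        out[o++] = (char)(0x80 | (c & 0x3F));
    }
    out[o] = '\0';
    return (int)o;
}

/* Bug pattern (assumed model): the field's byte length is passed as a code-unit
 * count, so twice the field's size is requested. The check above rejects it. */
static int convert_confused(const uint8_t *f, size_t bytes, char *out, size_t cap)
{
    return utf16le_to_utf8(f, bytes, bytes, out, cap);
}

/* Corrected caller: bytes are converted to code units, odd lengths rejected. */
static int convert_correct(const uint8_t *f, size_t bytes, char *out, size_t cap)
{
    if (bytes % 2 != 0)
        return -1;
    return utf16le_to_utf8(f, bytes, bytes / 2, out, cap);
}

/* Constructed sample: the base64 text "QUJD" encoded as UTF-16LE (8 bytes). */
static const uint8_t SAMPLE[] = { 'Q', 0, 'U', 0, 'J', 0, 'D', 0 };
int main(void)
{
    char out[16];
    printf("confused=%d\n", convert_confused(SAMPLE, sizeof SAMPLE, out, sizeof out));
    printf("correct=%d\n", convert_correct(SAMPLE, sizeof SAMPLE, out, sizeof out));
}
```

Without the `units > avail / 2` check, the confused call would read 16 bytes from an 8-byte field.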
Priority reason: FreeRDP developers have rated this as being a low severity issue

Author | Note |
---|---|
mdeslaur | introduced in https://github.com/FreeRDP/FreeRDP/commit/ae8f0106bd9d79dc0369c19b632c5112338ecad4 |

github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vffh-j6hh-95f4
launchpad.net/bugs/cve/CVE-2024-32662
nvd.nist.gov/vuln/detail/CVE-2024-32662
oss-fuzz.com/testcase-detail/4985227207311360
security-tracker.debian.org/tracker/CVE-2024-32662
ubuntu.com/security/notices/USN-6759-1
www.cve.org/CVERecord?id=CVE-2024-32662