CVE-2024-32661 FreeRDP rdp_write_logon_info_v1 NULL access

2024-04-2320:05:50

CWE-476

GitHub_M

github.com

cve-2024-32661

freerdp

remote desktop protocol

vulnerability

version 3.5.1

patch

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible NULL access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

CNA Affected

[
  {
    "vendor": "FreeRDP",
    "product": "FreeRDP",
    "versions": [
      {
        "status": "affected",
        "version": "< 3.5.1"
      }
    ]
  }
]

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*"
    ],
    "vendor": "freerdp",
    "product": "freerdp",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.5.1",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]