CVE-2024-32041
moderate-risk
Published 2024-04-22
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead.
Do I need to act?
-
0.29% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: dee7e7e7c609c5192273cf8c20540c729ddcb3b0
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Vendors
References (16)
Issue Tracking
https://github.com/FreeRDP/FreeRDP/pull/10077
Release Notes
https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
Release Notes
https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Issue Tracking
https://github.com/FreeRDP/FreeRDP/pull/10077
Release Notes
https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
Release Notes
https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproje...
43
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
1/34 · Minimal
Exposure
10/34 · Low