Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-32039

Опубликовано: 22 апр. 2024
Источник: debian
EPSS Низкий

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).

Пакеты

ПакетСтатусВерсия исправленияРелизТип
freerdp3not-affectedpackage
freerdp2fixed2.11.7+dfsg1-1package
freerdp2no-dsabookwormpackage
freerdp2postponedbusterpackage

Примечания

  • https://www.freerdp.com/2024/04/17/2_11_6-release

  • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9

  • https://github.com/FreeRDP/FreeRDP/commit/d88ad1acd142769650a6159906ac90f46a766265 (2.11.6)

EPSS

Процентиль: 56%
0.00337
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-32039

CVSS3: 9.8
ubuntu
около 1 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).

redhat логотип

CVE-2024-32039

CVSS3: 7.5
redhat
около 1 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).

nvd логотип

CVE-2024-32039

CVSS3: 9.8
nvd
около 1 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).

fstec логотип

BDU:2024-03192

CVSS3: 9.8
fstec
около 1 года назад

Уязвимость RDP-клиента FreeRDP, связанная с целочисленным переполнением, позволяющая нарушителю выполнить произвольный код

suse-cvrf логотип

SUSE-SU-2024:1610-1

suse-cvrf
около 1 года назад

Security update for freerdp

EPSS

Процентиль: 56%
0.00337
Низкий