Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-32460

Опубликовано: 22 апр. 2024
Источник: debian
EPSS Низкий

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
freerdp3not-affectedpackage
freerdp2fixed2.11.7+dfsg1-1package
freerdp2no-dsabookwormpackage
freerdp2postponedbusterpackage

Примечания

  • https://www.freerdp.com/2024/04/17/2_11_6-release

  • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr

  • https://github.com/FreeRDP/FreeRDP/commit/18cef378eae2b63a1a750da242f00da12b5b3881 (2.11.6)

EPSS

Процентиль: 56%
0.00337
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-32460

CVSS3: 8.1
ubuntu
около 1 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.

redhat логотип

CVE-2024-32460

redhat
около 1 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.

nvd логотип

CVE-2024-32460

CVSS3: 8.1
nvd
около 1 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.

fstec логотип

BDU:2024-03222

CVSS3: 7.5
fstec
около 1 года назад

Уязвимость функции interleaved_decompress() RDP-клиента FreeRDP, позволяющая нарушителю раскрыть защищаемую информацию

suse-cvrf логотип

SUSE-SU-2024:1610-1

suse-cvrf
около 1 года назад

Security update for freerdp

EPSS

Процентиль: 56%
0.00337
Низкий