CVE-2024-32662

Published: 23 Apr 2024
Source: debian

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP-based clients prior to version 3.5.1 are vulnerable to an out-of-bounds read. This occurs when a `WCHAR` string is read with twice the size it has and is then converted to `UTF-8` and `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

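Packages

| Package  | Status       | Fixed version  | Release | Type    |
|----------|--------------|----------------|---------|---------|
| freerdp3 | fixed        | 3.5.1+dfsg1-1  |         | package |
| freerdp2 | not-affected |                |         | package |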

Notes

  • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vffh-j6hh-95f4

  • https://github.com/FreeRDP/FreeRDP/commit/626d10a94a88565d957ddc30768ed08b320049a7 (3.5.1)

  • Introduced by: https://github.com/FreeRDP/FreeRDP/commit/ae8f0106bd9d79dc0369c19b632c5112338ecad4 (3.0.0-beta1)

Related vulnerabilities

CVSS3: 7.5
ubuntu
about 1 year ago

CVSS3: 7.5
redhat
about 1 year ago

CVSS3: 7.5
nvd
about 1 year ago

CVSS3: 7.5
fstec
about 1 year ago

Vulnerability in the FreeRDP RDP client related to an out-of-bounds memory read, allowing an attacker to affect the integrity of protected information

oracle-oval
7 months ago

ELSA-2024-9092: freerdp security update (MODERATE)