Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2024-32662

Опубликовано: 23 апр. 2024
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when WCHAR string is read with twice the size it has and converted to UTF-8, base64 decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

A flaw was found in FreeRDP-based clients. Affected versions of FreeRDP are vulnerable to an out-of-bounds read. This issue occurs when the WCHAR string is read with twice the size it has and converted to UTF-8, base64 decoded. The string is only used to compare against the redirection server certificate.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6freerdpOut of support scope
Red Hat Enterprise Linux 7freerdpOut of support scope
Red Hat Enterprise Linux 8freerdpWill not fix
Red Hat Enterprise Linux 9freerdpFixedRHSA-2024:909212.11.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2276804freerdp: out-of-bounds read

EPSS

Процентиль: 55%
0.00331
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2024-32662

CVSS3: 7.5
ubuntu
около 1 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

nvd логотип

CVE-2024-32662

CVSS3: 7.5
nvd
около 1 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

debian логотип

CVE-2024-32662

CVSS3: 7.5
debian
около 1 года назад

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeR ...

fstec логотип

BDU:2024-03395

CVSS3: 7.5
fstec
около 1 года назад

Уязвимость RDP-клиента FreeRDP, связанная с чтением за границами памяти, позволяющая нарушителю оказать воздействие на целостность защищаемой информации

oracle-oval логотип

ELSA-2024-9092

oracle-oval
7 месяцев назад

ELSA-2024-9092: freerdp security update (MODERATE)

EPSS

Процентиль: 55%
0.00331
Низкий

7.5 High

CVSS3