CVE-2024-32039

Summary

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use /gfx options (e.g. deactivate with /bpp:32 or /rfx as it is on by default).

Affected Software

VendorProductVersion RangeStatus
FreeRDPFreeRDP>= 3.0.0, 3.5.0affected
FreeRDPFreeRDP< 2.11.6affected

Weaknesses

  • CWE-190: CWE-190: Integer Overflow or Wraparound
  • CWE-787: CWE-787: Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References