CVE-2024-32041
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate /gfx (on by default, set /bpp or /rfx options instead.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.446
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| RDP client for Windows Terminal Services (USN-6749-1) libfreerdp2-2_2.10.0+dfsg1-1.1ubuntu1.2_amd64.deb | Linux |
| RDP client for Windows Terminal Services (USN-6749-1) libfreerdp2-2_2.10.0+dfsg1-1.1ubuntu1.2_i386.deb | Linux |
| RDP client for Windows Terminal Services (USN-6749-1) libfreerdp2-2_2.6.1+dfsg1-0ubuntu0.20.04.1_amd64.deb | Linux |
| RDP client for Windows Terminal Services (USN-6749-1) libfreerdp2-2_2.6.1+dfsg1-3ubuntu2.6_amd64.deb | Linux |
| RDP client for Windows Terminal Services (USN-6749-1) libfreerdp2-2_2.6.1+dfsg1-3ubuntu2.6_i386.deb | Linux |
| freerdp Security Update (ALAS-2024-2537) freerdp-2.11.7-1.amzn2.0.1.x86_64.rpm | Linux |
| freerdp Security Update (ALAS-2024-2537) libwinpr-2.11.7-1.amzn2.0.1.i686.rpm | Linux |
| freerdp Security Update (ALAS-2024-2537) libwinpr-2.11.7-1.amzn2.0.1.x86_64.rpm | Linux |
| freerdp Security Update (ALAS-2024-2537) freerdp-libs-2.11.7-1.amzn2.0.1.i686.rpm | Linux |
| freerdp Security Update (ALAS-2024-2537) freerdp-libs-2.11.7-1.amzn2.0.1.x86_64.rpm | Linux |
| freerdp Security Update (ALAS-2024-2537) freerdp-devel-2.11.7-1.amzn2.0.1.x86_64.rpm | Linux |
| freerdp Security Update (ALAS-2024-2537) libwinpr-devel-2.11.7-1.amzn2.0.1.x86_64.rpm | Linux |
| (RHSA-2024:9092)Moderate: security update libwinpr-2.11.7-1.el9.x86_64.rpm | Linux |
| (RHSA-2024:9092)Moderate: security update libwinpr-2.11.7-1.el9.i686.rpm | Linux |
| (RHSA-2024:9092)Moderate: security update freerdp-libs-2.11.7-1.el9.x86_64.rpm | Linux |
| (RHSA-2024:9092)Moderate: security update freerdp-libs-2.11.7-1.el9.i686.rpm | Linux |
| (RHSA-2024:9092)Moderate: security update freerdp-2.11.7-1.el9.x86_64.rpm | Linux |
| Libwinpr update (ELSA-2024-9092) libwinpr-2.11.7-1.el9.x86_64.rpm | Linux |
| Libwinpr update (ELSA-2024-9092) libwinpr-2.11.7-1.el9.i686.rpm | Linux |
| Freerdp-libs update (ELSA-2024-9092) freerdp-libs-2.11.7-1.el9.x86_64.rpm | Linux |
| Freerdp-libs update (ELSA-2024-9092) freerdp-libs-2.11.7-1.el9.i686.rpm | Linux |
| Freerdp update (ELSA-2024-9092) freerdp-2.11.7-1.el9.x86_64.rpm | Linux |
| freerdp security update (RLSA-2024:9092) libwinpr-2.11.7-1.el9.x86_64.rpm | Linux |
| freerdp security update (RLSA-2024:9092) libwinpr-2.11.7-1.el9.i686.rpm | Linux |
| freerdp security update (RLSA-2024:9092) freerdp-libs-2.11.7-1.el9.x86_64.rpm | Linux |
| freerdp security update (RLSA-2024:9092) freerdp-libs-2.11.7-1.el9.i686.rpm | Linux |
| freerdp security update (RLSA-2024:9092) freerdp-2.11.7-1.el9.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234