CVE-2024-32460

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-32460
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). The workaround requires server side support.

8.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/FreeRDP/FreeRDP/pull/10077 Issue Tracking
https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6 Release Notes
https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0 Release Notes
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr Mitigation Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/ Third Party Advisory
https://github.com/FreeRDP/FreeRDP/pull/10077 Issue Tracking
https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6 Release Notes
https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0 Release Notes
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr Mitigation Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/ Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/ Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
History

04 Feb 2025, 17:58

Type Values Removed Values Added
References () https://github.com/FreeRDP/FreeRDP/pull/10077 - () https://github.com/FreeRDP/FreeRDP/pull/10077 - Issue Tracking
References () https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6 - () https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6 - Release Notes
References () https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0 - () https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0 - Release Notes
References () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr - () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr - Mitigation, Vendor Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/ - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/ - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/ - Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/ - Third Party Advisory
First Time Fedoraproject fedora
Freerdp freerdp
Freerdp
Fedoraproject
CPE cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

21 Nov 2024, 09:14

Type Values Removed Values Added
References () https://github.com/FreeRDP/FreeRDP/pull/10077 - () https://github.com/FreeRDP/FreeRDP/pull/10077 -
References () https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6 - () https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6 -
References () https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0 - () https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0 -
References () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr - () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4rr8-gr65-vqrr -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/ -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/ -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/ -
References () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/ -

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/ -

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/ -

23 Apr 2024, 12:52

Type Values Removed Values Added
Summary
  • (es) FreeRDP es una implementación gratuita del protocolo de escritorio remoto. Los clientes basados en FreeRDP que utilizan la ruta de dibujo `/bpp:32` heredada `GDI` con una versión de FreeRDP anterior a 3.5.0 o 2.11.6 son vulnerables a lecturas fuera de los límites. Las versiones 3.5.0 y 2.11.6 solucionan el problema. Como workaround, utilice rutas de dibujo modernas (por ejemplo, las opciones `/rfx` o `/gfx`). El workaround requiere soporte del lado del servidor.

22 Apr 2024, 22:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-22 22:15

Updated : 2025-02-04 17:58

NVD link : CVE-2024-32460

Mitre link : CVE-2024-32460

CVE.ORG link : CVE-2024-32460

JSON object : View

Products Affected

freerdp

  • freerdp

fedoraproject

  • fedora
CWE
CWE-125

Out-of-bounds Read