PT-2024-3182 · Freerdp+5 · Freerdp+5

Lowakallabeth

·

Published

2024-04-23

·

Updated

2025-03-17

·

CVE-2024-32662

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.5.1
Description The issue is related to an out-of-bounds read in FreeRDP, a free implementation of the Remote Desktop Protocol. This occurs when a WCHAR string is read with twice its size and converted to UTF-8, then base64 decoded. The string is used to compare against the redirection server certificate. There are no known workarounds available.
Recommendations For versions prior to 3.5.1, update to version 3.5.1 to resolve the issue. As a temporary workaround, consider restricting the use of the WCHAR string conversion to UTF-8 and base64 decoding until a patch is applied.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

BDU:2024-03395
CVE-2024-32662
GHSA-VFFH-J6HH-95F4
INFSA-2024_9092
RHSA-2024:9092
RHSA-2024_9092
RLSA-2024:9092
USN-6759-1

Affected Products

Freerdp
Linuxmint
Red Hat
Red Os
Rocky Linux
Ubuntu