PT-2024-3185 · Freerdp+9 · Freerdp+9

Lowak

Published

2024-04-23

Updated

2026-03-10

CVE-2024-32660

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.5.1

Description The issue is related to an unbounded resource allocation in the FreeRDP client, which can be exploited by a remote attacker to cause a denial of service. A malicious server can crash the FreeRDP client by sending an invalid huge allocation size.

Recommendations For versions prior to 3.5.1, update to version 3.5.1 to resolve the issue. As a temporary workaround, consider restricting access to the FreeRDP client until the update is applied.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

ALT-PU-2025-4980

BDU:2024-03403

CVE-2024-32660

DLA-4053-1

GHSA-MXV6-2CW6-M3MX

INFSA-2024_9092

OESA-2024-1515

OPENSUSE-SU-2024:13994-1

OPENSUSE-SU-2024_1856-1

OPENSUSE-SU-2024_2631-1

OPENSUSE-SU-2026:10123-1

OPENSUSE-SU-2026:20339-1

RHSA-2024:9092

RHSA-2024_9092

RLSA-2024:9092

SUSE-SU-2024:1835-1

SUSE-SU-2024:1856-1

SUSE-SU-2024:2631-1

USN-6752-1

USN-6759-1

USN-7371-1

Affected Products

Alt Linux

Astra Linux

Debian

Freerdp

Linuxmint

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2024-3185 · Freerdp+9 · Freerdp+9

CVE-2024-32660

Weakness Enumeration

Related Identifiers

Affected Products

References · 153