THREATINT

PUBLISHED

CVE-2024-32662

FreeRDP rdp_redirection_read_base64_wchar out of bound read

Reserved: 2024-04-16
Published: 2024-04-23
Updated: 2024-06-06

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP-based clients prior to version 3.5.1 are vulnerable to an out-of-bounds read. This occurs when a `WCHAR` string is read with twice the size it has, converted to `UTF-8`, and `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.



HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-125: Out-of-bounds Read

Product status

< 3.5.1: affected

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vffh-j6hh-95f4

https://github.com/FreeRDP/FreeRDP/commit/626d10a94a88565d957ddc30768ed08b320049a7

https://oss-fuzz.com/testcase-detail/4985227207311360

cve.org CVE-2024-32662

nvd.nist.gov CVE-2024-32662
