THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-32662

FreeRDP rdp_redirection_read_base64_wchar out of bound read

AssignerGitHub_M
Reserved2024-04-16
Published2024-04-23
Updated2024-07-26

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.



HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Problem types

CWE-125: Out-of-bounds Read

Product status

< 3.5.1
affected

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vffh-j6hh-95f4

https://github.com/FreeRDP/FreeRDP/commit/626d10a94a88565d957ddc30768ed08b320049a7

https://oss-fuzz.com/testcase-detail/4985227207311360

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/

cve.org CVE-2024-32662

nvd.nist.gov CVE-2024-32662

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-32662
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
© Copyright 2024 THREATINT. Made in Cyprus with +