Vulnerability CVE-2024-32041: Information

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead.

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-32041
Published: April 23, 2024
Modified: April 23, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
freerdpsisyphus2.11.6-alt12.11.7-alt2ALT-PU-2024-6814-1345418Fixed
freerdpsisyphus_e2k2.11.7-alt1.12.11.7-alt2ALT-PU-2024-7151-1-Fixed
freerdpsisyphus_riscv642.11.6-alt12.11.7-alt2ALT-PU-2024-6834-1-Fixed
freerdpsisyphus_loongarch642.11.6-alt12.11.7-alt2ALT-PU-2024-6841-1-Fixed
freerdpp102.11.6-alt12.11.7-alt2ALT-PU-2024-6851-2345435Fixed
freerdpp10_e2k2.11.6-alt12.11.7-alt2ALT-PU-2024-7154-1-Fixed
freerdpc10f12.11.6-alt12.11.6-alt1ALT-PU-2024-6898-2345436Fixed
freerdpc9f22.11.6-alt12.11.6-alt1ALT-PU-2024-6847-2345438Fixed
freerdpp112.11.6-alt12.11.7-alt2ALT-PU-2024-6814-1345418Fixed
freerdp3sisyphus3.5.0-alt13.5.1-alt1ALT-PU-2024-6812-1345417Fixed
freerdp3sisyphus_riscv643.5.0-alt13.5.1-alt1ALT-PU-2024-6832-1-Fixed
freerdp3sisyphus_loongarch643.5.0-alt13.5.1-alt1ALT-PU-2024-6840-1-Fixed
freerdp3p103.5.0-alt13.5.0-alt1ALT-PU-2024-6812-1345417Fixed
freerdp3p113.5.0-alt13.5.1-alt1ALT-PU-2024-6812-1345417Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5r4p-mfx2-m44r
    https://github.com/FreeRDP/FreeRDP/pull/10077
      https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
        https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
          VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
          Version: v24.5.3
          Back to top