Vulnerability CVE-2024-32459: Information

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.

URL: https://nvd.nist.gov/vuln/detail/CVE-2024-32459
Published: April 23, 2024
Modified: June 10, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
freerdpsisyphus2.11.6-alt12.11.7-alt2ALT-PU-2024-6814-1345418Fixed
freerdpsisyphus_e2k2.11.7-alt1.12.11.7-alt2ALT-PU-2024-7151-1-Fixed
freerdpsisyphus_riscv642.11.6-alt12.11.7-alt2ALT-PU-2024-6834-1-Fixed
freerdpsisyphus_loongarch642.11.6-alt12.11.7-alt2ALT-PU-2024-6841-1-Fixed
freerdpp102.11.6-alt12.11.7-alt2ALT-PU-2024-6851-2345435Fixed
freerdpp10_e2k2.11.6-alt12.11.7-alt2ALT-PU-2024-7154-1-Fixed
freerdpc10f12.11.6-alt12.11.6-alt1ALT-PU-2024-6898-2345436Fixed
freerdpc9f22.11.6-alt12.11.6-alt1ALT-PU-2024-6847-2345438Fixed
freerdpp112.11.6-alt12.11.7-alt2ALT-PU-2024-6814-1345418Fixed
freerdp3sisyphus3.5.0-alt13.5.1-alt1ALT-PU-2024-6812-1345417Fixed
freerdp3sisyphus_riscv643.5.0-alt13.5.1-alt1ALT-PU-2024-6832-1-Fixed
freerdp3sisyphus_loongarch643.5.0-alt13.5.1-alt1ALT-PU-2024-6840-1-Fixed
freerdp3p103.5.0-alt13.5.0-alt1ALT-PU-2024-6812-1345417Fixed
freerdp3p113.5.0-alt13.5.1-alt1ALT-PU-2024-6812-1345417Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9
    https://github.com/FreeRDP/FreeRDP/pull/10077
      https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
        https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
          https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/
            https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/
              https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/
                https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/
                  VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                  Version: v24.5.3
                  Back to top