Vulnerability - CVE-2024-32658

Name

CVE-2024-32658

Source

NVD ( link)Debian ( link)

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

CWEs

CWE-125 CWE-125

Published Date

Apr 23, 2024

Updated Date

Jun 17, 2026

Workaround

Advisories

https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bfPatch

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2vVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/Third Party Advisory

https://oss-fuzz.com/testcase-detail/4852534033317888Permissions Required

https://oss-fuzz.com/testcase-detail/6196819496337408Permissions Required

https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bfPatch

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vpv3-m3m9-4c2vVendor Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/Third Party Advisory

https://oss-fuzz.com/testcase-detail/4852534033317888Permissions Required

https://oss-fuzz.com/testcase-detail/6196819496337408Permissions Required

Analysis#

Affected Component

Analysis

freerdp

Patched

Vulnerability Ratings#

9.8

CVSSv31

9.8

CVSSv31

NaN

other

Others affected components#

Name

Project

Project Version

Version

Status

freerdp

buildroot

2025.02.x

2.11.8

Not Affected

freerdp

buildroot

master

2.11.8

Not Affected

freerdp

yocto

master

2.11.8

Not Affected

freerdp3

yocto

master

3.26.0

Not Affected

freerdp

yocto

scarthgap

2.11.8

Patched

freerdp3

yocto

scarthgap

3.4.0

Patched

Resolved with patches#

freerdp (yocto:kirkstone)

Title

Author

Resolve

fix offset error

akallabeth <akallabeth@posteo.net>

CVE-2024-32658

freerdp3 (yocto:scarthgap)

Title

Author

Resolve

fix offset error

akallabeth <akallabeth@posteo.net>

CVE-2024-32658