CVE-2024-22211

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-22211
FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff Patch
https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9 Patch
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59 Exploit Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44VOA5KQQT7KQPW7CLST4Y4SQTKK3IOU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PIQE3YSPOJPAUS7DPWIBTR5IQSQX35VM/
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
History

17 Feb 2024, 02:15

Type Values Removed Values Added
References
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44VOA5KQQT7KQPW7CLST4Y4SQTKK3IOU/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PIQE3YSPOJPAUS7DPWIBTR5IQSQX35VM/ -

26 Jan 2024, 20:24

Type Values Removed Values Added
References () https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff - () https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff - Patch
References () https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9 - () https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9 - Patch
References () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59 - () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59 - Exploit, Patch, Vendor Advisory
First Time Freerdp freerdp
Freerdp
CPE cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 3.7 		v2 : unknown
v3 : 9.8
Summary
  • (es) FreeRDP es un conjunto de librerías y clientes de protocolos de escritorio remoto gratuitos y de código abierto. En las versiones afectadas, un desbordamiento de enteros en `freerdp_bitmap_planar_context_reset` provoca un desbordamiento de búfer de almacenamiento dinámico. Esto afecta a los clientes basados en FreeRDP. Las implementaciones de servidor y proxy basadas en FreeRDP no se ven afectadas. Un servidor malicioso podría preparar un `RDPGFX_RESET_GRAPHICS_PDU` para asignar búferes demasiado pequeños, lo que posiblemente desencadenaría posteriormente una lectura/escritura fuera de los límites. La extracción de datos a través de la red no es posible; los búferes se utilizan para mostrar una imagen. Este problema se solucionó en las versiones 2.11.5 y 3.2.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad.

19 Jan 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-19 20:15

Updated : 2024-02-17 02:15

NVD link : CVE-2024-22211

Mitre link : CVE-2024-22211

CVE.ORG link : CVE-2024-22211

JSON object : View

Products Affected

freerdp

  • freerdp
CWE
CWE-190

Integer Overflow or Wraparound

CWE-122

Heap-based Buffer Overflow