CVE-2024-32660

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-32660
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx
https://oss-fuzz.com/testcase-detail/5559242514825216
Configurations

No configuration.

History

24 Apr 2024, 13:39

Type Values Removed Values Added
Summary
  • (es) FreeRDP es una implementación gratuita del protocolo de escritorio remoto. Antes de la versión 3.5.1, un servidor malicioso podía bloquear el cliente FreeRDP al enviar un tamaño de asignación enorme no válido. La versión 3.5.1 contiene un parche para el problema. No hay workarounds disponibles.

23 Apr 2024, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-04-23 20:15

Updated : 2024-04-24 13:39

NVD link : CVE-2024-32660

Mitre link : CVE-2024-32660

CVE.ORG link : CVE-2024-32660

JSON object : View

Products Affected

No product.

CWE
CWE-770

Allocation of Resources Without Limits or Throttling