Lucene search

K

GoogleOSV:CVE-2024-32660

HistoryApr 23, 2024 - 8:15 p.m.

CVE-2024-32660

2024-04-2320:15:07

Google

osv.dev

5

freerdp

remote desktop protocol

server crash

patch

allocation size

software

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

10.3%

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available.

References

github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47

github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mxv6-2cw6-m3mx

lists.fedoraproject.org/archives/list/[email protected]/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/

lists.fedoraproject.org/archives/list/[email protected]/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/

lists.fedoraproject.org/archives/list/[email protected]/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/

lists.fedoraproject.org/archives/list/[email protected]/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/

oss-fuzz.com/testcase-detail/5559242514825216

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0

Percentile

10.3%

Related for OSV:CVE-2024-32660

nvd1 ubuntucve1 veracode1 osv6 cve1 cgr1 redhatcve1 debiancve1 vulnrichment1 cvelist1 wolfi1 ubuntu2 nessus12 openvas8 amazon1 fedora4