CVE-2024-32662
Publication date 23 April 2024
Last updated 24 July 2024
Ubuntu priority
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
Read the notes from the security team
Why is this CVE low priority?
FreeRDP developers have rated this as being a low severity issue
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| freerdp | 24.04 LTS noble | Not in release |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| freerdp2 | 24.04 LTS noble |
Not affected
|
| 22.04 LTS jammy |
Not affected
|
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| freerdp3 | 24.04 LTS noble |
Fixed 3.5.1+dfsg1-0ubuntu1
|
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release |
Notes
mdeslaur
introduced in https://github.com/FreeRDP/FreeRDP/commit/ae8f0106bd9d79dc0369c19b632c5112338ecad4
References
Related Ubuntu Security Notices (USN)
- USN-6759-1
- FreeRDP vulnerabilities
- 29 April 2024