VDB
CISA-2024-32659
CISA-2024-32659
PUBLISHED
CVSS 9.8 CRITICAL
Reported by GitHub_M · Published April 23, 2024
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
Risk Scores
CVSS 3.1
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| FreeRDP | FreeRDP | < 3.5.1 |
| FreeRDP | FreeRDP | < 3.5.1, * |
| freerdp | freerdp | 0, 0 |
Timeline
- Apr 23, 2024 CVE Published
- Nov 3, 2025 CVE Updated
References
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w x_refsource_CONFIRM
- https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b x_refsource_MISC
- https://oss-fuzz.com/testcase-detail/6156779722440704 x_refsource_MISC
- https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html url