CVE-2024-32039
published 2024-04-22
Priority: P260 | Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.27% (80.9th percentile)
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP-based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx`, as `/gfx` is on by default).

Affected

8 ranges

Vendor | Product | Version range | Fixed in
debian | freerdp2 | < freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm)
debian | freerdp3 | < freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm)
fedoraproject | fedora | (not listed) | (not listed)
fedoraproject | fedora | (not listed) | (not listed)
fedoraproject | fedora | (not listed) | (not listed)
freerdp | freerdp | < 2.11.6 | 2.11.6
freerdp | freerdp | (not listed) | (not listed)
freerdp | freerdp | >= 3.0.0 < 3.5.0 | 3.5.0

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered via the GFX (Graphics) pipeline in FreeRDP. Monitor for FreeRDP client connections using /gfx options, which are enabled by default. The flaw occurs in clear_decompress_residual_data when the sum of runLengthFactor and pixelIndex overflows uint32 and bypasses an error check.
  • Vulnerable FreeRDP client versions are those prior to 3.5.0 or 2.11.6. Detection should flag FreeRDP client processes running versions below these thresholds.
  • The /gfx option is enabled by default in FreeRDP clients. As a workaround, disable it using /bpp:32 or /rfx to prevent exploitation of this vulnerability.
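The bug class named in the first bullet (a bounds check whose 32-bit sum wraps) is easy to see side by side with its fix. The block below is an added, constructed illustration, not FreeRDP's code: the names pixelIndex, runLengthFactor and count follow the advisory wording, and the buffer layout and sample values are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical sketch of the bug class named in the advisory: a run-length
 * decoder writing `runLengthFactor` pixels starting at `pixelIndex` into a
 * buffer of `count` pixels. Names follow the advisory text; the code is a
 * constructed illustration, not FreeRDP's implementation. */

/* Weak check: the sum is computed in 32 bits, so a large runLengthFactor
 * wraps around, the check passes, and the writes go past the buffer. */
bool run_fits_weak(uint32_t pixelIndex, uint32_t runLengthFactor, uint32_t count)
{
    return pixelIndex + runLengthFactor <= count;
}

/* Hardened check: compare against the space that remains instead of
 * summing, so there is no intermediate value that can overflow. */
bool run_fits_hardened(uint32_t pixelIndex, uint32_t runLengthFactor, uint32_t count)
{
    if (pixelIndex > count)
        return false;
    return runLengthFactor <= count - pixelIndex;
}

/* Writes one run using the hardened check. Returns the number of pixels
 * written, or -1 if the run would leave the buffer. */
int64_t write_run(uint32_t* dst, uint32_t count, uint32_t pixelIndex,
                  uint32_t runLengthFactor, uint32_t color)
{
    if (!run_fits_hardened(pixelIndex, runLengthFactor, count))
        return -1;
    for (uint32_t i = 0; i < runLengthFactor; i++)
        dst[pixelIndex + i] = color;
    return (int64_t)runLengthFactor;
}

/* Constructed hostile input: pixelIndex 20 plus runLengthFactor
 * UINT32_MAX - 11 wraps to 8 in uint32_t, which the weak check accepts
 * while the hardened decoder rejects it. Returns 1 when both hold. */
int demo(void)
{
    uint32_t pixels[64] = {0};
    bool weak = run_fits_weak(20, UINT32_MAX - 11u, 64);           /* true */
    int64_t n = write_run(pixels, 64, 20, UINT32_MAX - 11u, 0xFFu); /* -1  */
    return weak && n == -1;
}
```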

CVSS provenance

  • nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • osv: 9.8 CRITICAL
  • vendor_debian: 9.8 CRITICAL
  • vendor_redhat: 9.8 CRITICAL
  • vendor_ubuntu: 9.8 CRITICAL