CVE-2024-32039
Published 2024-04-22
Priority P260 · critical · 9.8 · CVSS 3.1
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 2.27% (80.9th percentile)
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | freerdp2 | < freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) |
| debian | freerdp3 | < freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) | freerdp2 2.11.7+dfsg1-6~deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| freerdp | freerdp | < 2.11.6 | 2.11.6 |
| freerdp | freerdp | — | — |
| freerdp | freerdp | >= 3.0.0 < 3.5.0 | 3.5.0 |
Detection & IOCs
- The vulnerability is triggered via the GFX (Graphics) pipeline in FreeRDP. Monitor for FreeRDP client connections using `/gfx` options, which are enabled by default. The flaw occurs in `clear_decompress_residual_data` when the sum of `runLengthFactor` and `pixelIndex` overflows uint32 and bypasses an error check.
- Vulnerable FreeRDP client versions are prior to 3.5.0 or 2.11.6. Detection should flag FreeRDP client processes running versions below these thresholds.
- The `/gfx` option is enabled by default in FreeRDP clients. As a workaround, disable it using `/bpp:32` or `/rfx` to prevent exploitation of this vulnerability.
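The overflow described in the first item above, shown as an added illustration (not FreeRDP's code and not taken from the cited sources): a bounds check that adds `pixelIndex` and `runLengthFactor` in `uint32_t`, beside a form that cannot wrap. The function names, the `struct run` layout and the sample values are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustration only; all names are hypothetical, not FreeRDP's source.
 * pixelIndex: pixels already written; runLengthFactor: length of the next
 * run, from server-supplied data; pixelCount: destination capacity. */
/* Flawed pattern: the sum is evaluated in uint32_t, so it can wrap to a
 * small value and the "too large" test never fires. */
static bool run_fits_wrapping(uint32_t pixelIndex, uint32_t runLengthFactor,
                              uint32_t pixelCount)
{
    return (pixelIndex + runLengthFactor) <= pixelCount;
}

/* Hardened pattern: compare the run with the space left; no addition. */
static bool run_fits_checked(uint32_t pixelIndex, uint32_t runLengthFactor,
                             uint32_t pixelCount)
{
    return pixelIndex <= pixelCount &&
           runLengthFactor <= pixelCount - pixelIndex;
}

struct run { uint32_t color; uint32_t runLengthFactor; };

/* Expands runs into dst with the hardened check. Returns pixels written,
 * or -1 at the first run that does not fit (dst is not written past). */
static long expand_runs(uint32_t *dst, uint32_t pixelCount,
                        const struct run *runs, size_t nruns)
{
    uint32_t pixelIndex = 0;
    for (size_t i = 0; i < nruns; i++) {
        if (!run_fits_checked(pixelIndex, runs[i].runLengthFactor, pixelCount))
            return -1;
        for (uint32_t j = 0; j < runs[i].runLengthFactor; j++)
            dst[pixelIndex++] = runs[i].color;
    }
    return (long)pixelIndex;
}

int main(void)
{
    /* Constructed input: the second run makes 10 + 0xFFFFFFFA wrap to 4. */
    uint32_t dst[64];
    struct run runs[] = { { 0xFF0000u, 10 }, { 0x00FF00u, 0xFFFFFFFAu } };
    printf("wrapping accepts: %d, expand_runs: %ld\n",
           run_fits_wrapping(10, 0xFFFFFFFAu, 64), expand_runs(dst, 64, runs, 2));
    return 0;
}
```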
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- osv · 9.8 CRITICAL
- vendor_debian · 9.8 CRITICAL
- vendor_redhat · 9.8 CRITICAL
- vendor_ubuntu · 9.8 CRITICAL
OSV
freerdp2 vulnerabilities
osv·2025-03-11·CVSS 9.8
CVE-2024-32039 [CRITICAL] freerdp2 vulnerabilities
Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could use this issue to cause FreeRDP to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2024-32039, CVE-2024-32040, CVE-2024-32041)
Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could possibly use this issue to cause FreeRDP to crash,
resulting in a denial of service. (CVE-2024-32458, CVE-2024-32460)
It was discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote
OSV
freerdp2 vulnerabilities
osv·2024-04-24·CVSS 9.8
CVE-2024-22211 [CRITICAL] freerdp2 vulnerabilities
It was discovered that FreeRDP incorrectly handled certain context resets.
If a user were tricked into connecting to a malicious server, a remote
attacker could use this issue to cause FreeRDP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2024-22211)
Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could use this issue to cause FreeRDP to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2024-32039, CVE-2024-32040)
Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker
OSV
CVE-2024-32039: FreeRDP is a free implementation of the Remote Desktop Protocol
osv·2024-04-22·CVSS 9.8
CVE-2024-32039 [CRITICAL] CVE-2024-32039: FreeRDP is a free implementation of the Remote Desktop Protocol
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).
Ubuntu
FreeRDP vulnerabilities
vendor_ubuntu·2025-03-11·CVSS 9.8
CVE-2024-32040 [CRITICAL] FreeRDP vulnerabilities
Title: FreeRDP vulnerabilities
Summary: Several security issues were fixed in FreeRDP.
Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could use this issue to cause FreeRDP to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2024-32039, CVE-2024-32040, CVE-2024-32041)
Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could possibly use this issue to cause FreeRDP to crash,
resulting in a denial of service. (CVE-2024-32458, CVE-2024-32460)
It was discovered that FreeRDP incorrectly handled certain memory
operations. If a use
Ubuntu
FreeRDP vulnerabilities
vendor_ubuntu·2024-04-24·CVSS 3.7
CVE-2024-22211 [LOW] FreeRDP vulnerabilities
Title: FreeRDP vulnerabilities
Summary: Several security issues were fixed in FreeRDP.
It was discovered that FreeRDP incorrectly handled certain context resets.
If a user were tricked into connecting to a malicious server, a remote
attacker could use this issue to cause FreeRDP to crash, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2024-22211)
Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were tricked into connecting to a malicious server, a
remote attacker could use this issue to cause FreeRDP to crash, resulting
in a denial of service, or possibly execute arbitrary code.
(CVE-2024-32039, CVE-2024-32040)
Evgeny Legerov discovered that FreeRDP incorrectly handled certain memory
operations. If a user were t
Red Hat
freerdp: Integer overflow & OutOfBound Write in clear_decompress_residual_data
vendor_redhat·2024-04-22·CVSS 9.8
CVE-2024-32039 [CRITICAL] CWE-190 freerdp: Integer overflow & OutOfBound Write in clear_decompress_residual_data
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).
A flaw was found in FreeRDP-based clients. Affected versions of FreeRDP are vulnerable to an integer overflow and out-of-bounds write. This issue occurs when the sum of the `runLengthFactor` and `pixelIndex` values becomes large enough to overflow the uint32 type and bypass an error check when clearing residual data.
Package: freerdp (Red Hat Enterprise Linux 10) -
Debian
CVE-2024-32039: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based c...
vendor_debian·2024·CVSS 9.8
CVE-2024-32039 [CRITICAL] CVE-2024-32039: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based c...
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to integer overflow and out-of-bounds write. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use `/gfx` options (e.g. deactivate with `/bpp:32` or `/rfx` as it is on by default).
Scope: local
bookworm: resolved (fixed in 2.11.7+dfsg1-6~deb12u1)
bullseye: resolved (fixed in 2.3.0+dfsg1-2+deb11u2)
Suricata
ET WEB_SPECIFIC_APPS Scripts For Sites EZ e-store searchresults.php where Parameter SQL Injection
suricata·2010-07-30·CVSS 7.5
CVE-2008-6242 [HIGH] ET WEB_SPECIFIC_APPS Scripts For Sites EZ e-store searchresults.php where Parameter SQL Injection
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Scripts For Sites EZ e-store searchresults.php where Parameter SQL Injection"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/SearchResults.php?"; nocase; content:"where="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; pcre:"/UNION.+SELECT/i"; reference:cve,CVE-2008-6242; reference:bugtraq,32039; reference:url,milw0rm.com/exploits/6922; classtype:web-application-attack; sid:2009727; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, signature_severity Major, tag SQL_Injection, updated_at 2024
No public exploits indexed.
Securelist
Memory corruption vulnerabilities in Suricata and FreeRDP
blogs_securelist·2024-08-22·CVSS 9.8
CVE-2024-32664 [CRITICAL] Memory corruption vulnerabilities in Suricata and FreeRDP
Authors
Dmitry Shmoylov
Evgeny Legerov
Denis Skvortsov
As a cybersecurity company, before we release our products, we perform penetration tests on them to make sure they are secure. Recently, new versions of KasperskyOS-based products were released, namely Kaspersky Thin Client (KTC) and Kaspersky IoT Secure Gateway (KISG). As part of the pre-release penetration testing, we analyzed two open-source components used in these products, namely Suricata and FreeRDP projects, and discovered several vulnerabilities, which
Securelist
Kaspersky found multiple memory corruptions in Suricata and FreeRDP
blogs_securelist·2024-08-22·CVSS 9.8
CVE-2024-32664 [CRITICAL] Kaspersky found multiple memory corruptions in Suricata and FreeRDP
As a cybersecurity company, before we release our products, we perform penetration tests on them to make sure they are secure. Recently, new versions of KasperskyOS-based products were released, namely Kaspersky Thin Client (KTC) and Kaspersky IoT Secure Gateway (KISG). As part of the pre-release penetration testing, we analyzed two open-source components used in these products, namely Suricata and FreeRDP projects, and discovered several vulnerabilities, which we reported to the developers of the corresponding libraries, as well as sharing the
- https://github.com/FreeRDP/FreeRDP/pull/10077
- https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6
- https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5h8-7j42-j4r9
- https://lists.debian.org/debian-lts-announce/2025/02/msg00016.html
- https://lists.fedoraproject.org/archives/list/[email protected]/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/
- https://lists.fedoraproject.org/archives/list/[email protected]/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/