CVE-2024-32040Integer Underflow (Wrap or Wraparound) in Freerdp

CWE-191Integer Underflow (Wrap or Wraparound)10 documents7 sources
Severity
9.8CRITICALNVD
CNA8.1
EPSS
1.5%
top 19.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
FreerdpFedoraproject Fedora
Timeline
PublishedApr 22
Latest updateMar 11

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

CVEListV5freerdp/freerdp< 2.11.6+1
NVDfreerdp/freerdp3.0.03.5.0+1

Also affects: Fedora 38, 39, 40

🔴Vulnerability Details

4
OSV
freerdp2 vulnerabilities2025-03-11
OSV
freerdp2 vulnerabilities2024-04-24
OSV
CVE-2024-32040: FreeRDP is a free implementation of the Remote Desktop Protocol2024-04-22
CVEList
FreeRDP vulnerable to integer underflow in nsc_rle_decode2024-04-22

📋Vendor Advisories

4
Ubuntu
FreeRDP vulnerabilities2025-03-11
Ubuntu
FreeRDP vulnerabilities2024-04-24
Red Hat
freerdp: integer underflow in nsc_rle_decode2024-04-22
Debian
CVE-2024-32040: freerdp2 - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based c...2024

🕵️Threat Intelligence

1
Securelist
Memory corruption vulnerabilities in Suricata and FreeRDP2024-08-22
CVE-2024-32040 — Integer Underflow (Wrap or Wraparound) | cvebase