CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32662 – FreeRDP rdp_redirection_read_base64_wchar out of bound read
https://notcve.org/view.php?id=CVE-2024-32662
23 Apr 2024 — FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64` decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. • https://github.com/FreeRDP/FreeRDP/commit/626d10a94a88565d957ddc30768ed08b320049a7 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32661 – FreeRDP rdp_write_logon_info_v1 NULL access
https://notcve.org/view.php?id=CVE-2024-32661
23 Apr 2024 — FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available. FreeRDP es una implementación gratuita del protocolo de escritorio remoto. • https://github.com/FreeRDP/FreeRDP/commit/71e463e31b4d69f4022d36bfc814592f56600793 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32660 – FreeRDP zgfx_decompress out of memory vulnerability
https://notcve.org/view.php?id=CVE-2024-32660
23 Apr 2024 — FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.5.1, a malicious server can crash the FreeRDP client by sending invalid huge allocation size. Version 3.5.1 contains a patch for the issue. No known workarounds are available. FreeRDP es una implementación gratuita del protocolo de escritorio remoto. • https://github.com/FreeRDP/FreeRDP/commit/5e5d27cf310e4c10b854be7667bfb7a5d774eb47 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32659 – freerdp_image_copy out of bound read
https://notcve.org/view.php?id=CVE-2024-32659
23 Apr 2024 — FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if `((nWidth == 0) and (nHeight == 0))`. Version 3.5.1 contains a patch for the issue. No known workarounds are available. FreeRDP es una implementación gratuita del protocolo de escritorio remoto. • https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32658 – FreeRDP ExtractRunLengthRegular* out of bound read
https://notcve.org/view.php?id=CVE-2024-32658
23 Apr 2024 — FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. Version 3.5.1 contains a patch for the issue. No known workarounds are available. FreeRDP es una implementación gratuita del protocolo de escritorio remoto. • https://github.com/FreeRDP/FreeRDP/commit/1a755d898ddc028cc818d0dd9d49d5acff4c44bf • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32460 – FreeRDP Out-Of-Bounds Read in interleaved_decompress
https://notcve.org/view.php?id=CVE-2024-32460
22 Apr 2024 — FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based based clients using `/bpp:32` legacy `GDI` drawing path with a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use modern drawing paths (e.g. `/rfx` or `/gfx` options). • https://github.com/FreeRDP/FreeRDP/pull/10077 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2024-32459 – FreeRDP Out-Of-Bounds Read in ncrush_decompress
https://notcve.org/view.php?id=CVE-2024-32459
22 Apr 2024 — FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available. FreeRDP es una implementación gratuita del orotocolo de escritorio remoto. • https://github.com/absholi7ly/FreeRDP-Out-of-Bounds-Read-CVE-2024-32459- • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32458 – FreeRDP Out-Of-Bounds Read in planar_skip_plane_rle
https://notcve.org/view.php?id=CVE-2024-32458
22 Apr 2024 — FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use `/gfx` or `/rfx` modes (on by default, require server side support). FreeRDP es una implementación gratuita del protocolo de escritorio remoto. • https://github.com/FreeRDP/FreeRDP/pull/10077 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32041 – FreeRDP OutOfBound Read in zgfx_decompress_segment
https://notcve.org/view.php?id=CVE-2024-32041
22 Apr 2024 — FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, deactivate `/gfx` (on by default, set `/bpp` or `/rfx` options instead. FreeRDP es una implementación gratuita del protocolo de escritorio remoto. • https://github.com/FreeRDP/FreeRDP/pull/10077 • CWE-125: Out-of-bounds Read •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-32040 – FreeRDP vulnerable to integer underflow in nsc_rle_decode
https://notcve.org/view.php?id=CVE-2024-32040
22 Apr 2024 — FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 and have connections to servers using the `NSC` codec are vulnerable to integer underflow. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, do not use the NSC codec (e.g. use `-nsc`). FreeRDP es una implementación gratuita del protocolo de escritorio remoto. • https://github.com/FreeRDP/FreeRDP/pull/10077 • CWE-191: Integer Underflow (Wrap or Wraparound) •