← back
CVE-2024-32459

FreeRDP Out-Of-Bounds Read in ncrush_decompress

CVSS 9.8 CRITICALEPSS 3.8%CWE-125
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
FreeRDP · FreeRDP
public PoCs found1
githubgithub.com/absholi7ly/FreeRDP-Out-of-Bounds-Read-CVE-2024-32459-4
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/FreeRDP/FreeRDP/pull/10077https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cp4q-p737-rmw9https://lists.debian.org/debian-lts-announce/2025/02/msg00016.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/