CVE-2024-32459
Published: 22 April 2024
Summary
CVE-2024-32459 is a critical-severity Out-of-bounds Read (CWE-125) vulnerability in Fedoraproject Fedora. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE ranks in the top 6.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
Deeper analysis
FreeRDP, a free implementation of the Remote Desktop Protocol, is affected by an out-of-bounds read vulnerability (CWE-125) in both clients and servers running versions prior to 3.5.0 or 2.11.6. The flaw received a CVSS score of 9.8, reflecting network-accessible exploitation without authentication or user interaction.
An unauthenticated remote attacker can trigger the out-of-bounds read against vulnerable FreeRDP instances, potentially resulting in high impacts to confidentiality, integrity, and availability.
Official patches released in FreeRDP 3.5.0 and 2.11.6 resolve the issue, and project advisories state that no workarounds are available. Coordinated updates have also been issued through distribution channels such as Fedora.
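Added example, not code from the FreeRDP project or from this advisory: a Python check that tells whether a FreeRDP version string falls inside the affected range stated above (prior to 3.5.0 on the 3.x branch, prior to 2.11.6 for everything older). The version-line format and the sample strings are constructed to resemble `xfreerdp --version` output and are assumptions.

```python
"""Classify a FreeRDP version string against the CVE-2024-32459 fix versions.

The fixed versions (3.5.0 and 2.11.6) come from the advisory text; the
parsing, the branch rule and the sample strings below are this example's own.
"""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Fix versions named in the advisory, keyed by the release branch they apply to.
FIXED_3X: Version = (3, 5, 0)
FIXED_2X: Version = (2, 11, 6)


def parse_version(text: str) -> Optional[Version]:
    """Return the first MAJOR.MINOR.PATCH triple found in a version line,
    or None when no such triple is present."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_affected(text: str) -> Optional[bool]:
    """True if the build predates the fix for its branch, False if it is at
    or past the fix, None if the version cannot be parsed.

    Branch rule: 3.x (and anything newer) is compared against 3.5.0; every
    older line, including 2.x and 1.x, is compared against 2.11.6, matching
    the advisory wording "prior to 3.5.0 or 2.11.6"."""
    version = parse_version(text)
    if version is None:
        return None
    fixed = FIXED_3X if version[0] >= 3 else FIXED_2X
    return version < fixed


if __name__ == "__main__":
    # Constructed sample lines resembling `xfreerdp --version` output (assumption).
    samples = [
        "This is FreeRDP version 2.11.5 (n/a)",
        "This is FreeRDP version 2.11.6 (n/a)",
        "This is FreeRDP version 3.4.0 (n/a)",
        "This is FreeRDP version 3.5.0 (n/a)",
        "This is FreeRDP version 3.10.3 (n/a)",
    ]
    for line in samples:
        print(f"{line!r}: affected={is_affected(line)}")
```

Feed the function the first line of the installed client's or server's version output; a None result means the version could not be read and needs manual review.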
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-30277
Vulnerability details
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP-based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.
- CWE(s): CWE-125 (Out-of-bounds Read)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
An out-of-bounds read in FreeRDP clients maps to T1203 (Exploitation for Client Execution); in FreeRDP servers it maps to T1210 (Exploitation of Remote Services) over the RDP protocol.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.