CVE-2024-32661
Published: 23 April 2024
Summary
CVE-2024-32661 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Fedoraproject Fedora. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004). The CVE ranks in the top 30.8% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-30452
Vulnerability details
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP-based clients prior to version 3.5.1 are vulnerable to a possible `NULL` access and crash. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
Related Threats
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
The CVE describes a NULL pointer dereference in FreeRDP clients prior to 3.5.1, allowing remote exploitation via RDP to crash the client application, facilitating endpoint denial of service through application exploitation.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.