CVE-2024-32662
Published: 23 April 2024
Summary
CVE-2024-32662 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Fedoraproject Fedora. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 48.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-30453
Vulnerability details
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read. This occurs when `WCHAR` string is read with twice the size it has and converted to `UTF-8`, `base64`…
more
decoded. The string is only used to compare against the redirection server certificate. Version 3.5.1 contains a patch for the issue. No known workarounds are available.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The out-of-bounds read vulnerability in the FreeRDP RDP client, triggered by oversized WCHAR strings in redirection server certificate handling (involving UTF-8 conversion and base64 decoding), enables remote exploitation over RDP to crash the client application, facilitating endpoint denial of service via application exploitation.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.