UBUNTU-CVE-2024-32459

Details

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.

Affected Packages

freerdp

Ubuntu 16.04 LTS

Affected versions:

1.1.0~git20140921.1.440916e+dfsg1-5ubuntu11.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.21.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.31.1.0~git20140921.1.440916e+dfsg1-5ubuntu1.4

freerdp

Ubuntu 18.04 LTS

Affected versions:

1.1.0~git20140921.1.440916e+dfsg1-15ubuntu11.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.11.1.0~git20140921.1.440916e+dfsg1-15ubuntu1.18.04.2

freerdp2

Ubuntu 20.04 LTS

Fixed in:

2.6.1+dfsg1-0ubuntu0.20.04.1

freerdp2

Ubuntu 22.04 LTS

Fixed in:

2.6.1+dfsg1-3ubuntu2.6

freerdp3

Ubuntu 24.04 LTS

Fixed in:

3.5.0+dfsg1-0ubuntu1

freerdp2

Ubuntu Pro 18.04 LTS

Affected versions:

2.0.0~git20170725.1.1648deb+dfsg1-12.0.0~git20170725.1.1648deb+dfsg1-52.0.0~git20170725.1.1648deb+dfsg1-5ubuntu12.0.0~git20170725.1.1648deb+dfsg1-5ubuntu22.0.0~git20170725.1.1648deb+dfsg1-62.0.0~git20170725.1.1648deb+dfsg1-6build12.0.0~git20170725.1.1648deb+dfsg1-72.0.0~git20170725.1.1648deb+dfsg1-7ubuntu0.12.1.1+dfsg1-0ubuntu0.18.04.12.2.0+dfsg1-0ubuntu0.18.04.1+8 more

freerdp2

Ubuntu Pro 24.04 LTS

Fixed in:

2.11.5+dfsg1-1ubuntu0.1~esm2

References

REPORT

https://github.com/FreeRDP/FreeRDP/pull/10077

REPORT

https://github.com/FreeRDP/FreeRDP/releases/tag/2.11.6

REPORT

https://github.com/FreeRDP/FreeRDP/releases/tag/3.5.0

REPORT