Out-of-bounds Read Affecting libwinpr package, versions *
Threat Intelligence
EPSS
0.04% (11th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-RHEL7-LIBWINPR-6688381
- published 27 Apr 2024
- disclosed 23 Apr 2024
Introduced: 23 Apr 2024
CVE-2024-32659 Open this link in a new tabHow to fix?
There is no fixed version for RHEL:7 libwinpr.
NVD Description
Note: Versions mentioned in the description apply only to the upstream libwinpr package and not the libwinpr package as distributed by RHEL.
See How to fix? for RHEL:7 relevant fixed versions and status.
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients prior to version 3.5.1 are vulnerable to out-of-bounds read if ((nWidth == 0) and (nHeight == 0)). Version 3.5.1 contains a patch for the issue. No known workarounds are available.
References
- https://access.redhat.com/security/cve/CVE-2024-32659
- https://github.com/FreeRDP/FreeRDP/commit/6430945ce003a5e24d454d8566f54aae1b6b617b
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jgr-7r33-x87w
- https://oss-fuzz.com/testcase-detail/6156779722440704
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7SIS6NUNLUBOV4CPCSWKDE6T6C2W3WTR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKI4UISUXYNBPN4K6TIQKDRTIJ6CDCKJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5JL476WVJSIE7SBUKVJRVA6A52V2HOLZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PX3U6YPZQ7PEJBVKSBUOLWVH7DHROHY5/
CVSS Scores
version 3.1