FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. there are no know workarounds for this vulnerability.
Metrics
Affected Vendors & Products
References
History
Wed, 13 Nov 2024 02:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat
Redhat enterprise Linux |
|
CPEs | cpe:/a:redhat:enterprise_linux:9 | |
Vendors & Products |
Redhat
Redhat enterprise Linux |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-01-19T19:54:32.837Z
Updated: 2024-08-01T22:35:35.003Z
Reserved: 2024-01-08T04:59:27.374Z
Link: CVE-2024-22211
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-19T20:15:13.573
Modified: 2024-11-21T08:55:48.453
Link: CVE-2024-22211
Redhat