rdp_redirection_read_base64_wchar out of bound read

Low
akallabeth published GHSA-vffh-j6hh-95f4 Apr 23, 2024

Package

FreeRDP (C)

Affected versions

>= 3.0.0, <= 3.5.0

Patched versions

3.5.1

Description

Impact

  • All FreeRDP-based clients.
  • A WCHAR string is read with twice its actual size, converted to UTF-8 and then base64-decoded.
  • The result is only used to compare against the redirection server certificate.
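
The length confusion described in the list above, as an added example (not FreeRDP's code): the hypothetical helper `wchar_field_to_ascii` takes the field length in bytes and derives the code-unit count from it, and `would_overread` flags a conversion that is asked to read more code units than the field holds. It assumes a 2-byte little-endian WCHAR and, because the field carries base64 text, rejects non-ASCII code units.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption: WCHAR is a 2-byte little-endian UTF-16 code unit. */
#define WCHAR_SIZE 2u

/* True if converting `units` code units reads past a field of `field_bytes` bytes. */
int would_overread(size_t field_bytes, size_t units)
{
    return units > field_bytes / WCHAR_SIZE;
}

/* Hypothetical helper: narrow a WCHAR field holding base64 text to ASCII.
 * `field_bytes` is in BYTES. NULL on odd length, non-ASCII unit or OOM. */
char *wchar_field_to_ascii(const uint8_t *field, size_t field_bytes, size_t *out_len)
{
    if (!field || field_bytes % WCHAR_SIZE != 0)
        return NULL;
    size_t units = field_bytes / WCHAR_SIZE; /* bytes -> code units, never the reverse */
    char *out = malloc(units + 1);
    if (!out)
        return NULL;
    size_t n = 0;
    for (size_t i = 0; i < units; i++) {
        uint16_t cu = (uint16_t)(field[2 * i] | (field[2 * i + 1] << 8));
        if (cu == 0)
            break; /* embedded terminator ends the string */
        if (cu > 0x7F) { /* the base64 alphabet is ASCII only */
            free(out);
            return NULL;
        }
        out[n++] = (char)cu;
    }
    out[n] = '\0';
    if (out_len)
        *out_len = n;
    return out;
}

int main(void)
{
    /* Constructed sample: "QUJD" as UTF-16LE, 8 bytes = 4 code units. */
    const uint8_t field[] = { 'Q', 0, 'U', 0, 'J', 0, 'D', 0 };
    char *s = wchar_field_to_ascii(field, sizeof(field), NULL);
    printf("%s, overread: %d\n", s ? s : "(null)", would_overread(sizeof(field), sizeof(field)));
    free(s);
    return 0;
}
```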

Patches

Workarounds

none

References

https://oss-fuzz.com/testcase-detail/4985227207311360

Severity

Low

CVE ID

CVE-2024-32662

Weaknesses

No CWEs