CVE-2024-32459

CRITICAL

FreeRDP <3.5.0, <2.11.6 - Memory Corruption

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-32459. PoCs published by absholi7ly.

AI-analyzed exploit summary The repository contains a functional exploit PoC for CVE-2024-32459, targeting an out-of-bounds read vulnerability in FreeRDP. The script crafts and sends malicious RDP packets to trigger the vulnerability, with logic to handle retries and timing delays.

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available.

Exploits (1)

nomisec WORKING POC 4 stars
by absholi7ly · poc
https://github.com/absholi7ly/FreeRDP-Out-of-Bounds-Read-CVE-2024-32459-

The repository contains a functional exploit PoC for CVE-2024-32459, targeting an out-of-bounds read vulnerability in FreeRDP. The script crafts and sends malicious RDP packets to trigger the vulnerability, with logic to handle retries and timing delays.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: FreeRDP versions prior to 3.5.0 or 2.11.6
No auth needed
Prerequisites: Network access to target RDP service (port 3389)
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (9)

Core 9
Core References
Issue Tracking x_refsource_misc
https://github.com/FreeRDP/FreeRDP/pull/10077

Scores

CVSS v3 9.8
EPSS 0.0375
EPSS Percentile 88.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-125
Status published
Products (4)
fedoraproject/fedora 38
fedoraproject/fedora 39
fedoraproject/fedora 40
freerdp/freerdp < 2.11.6
Published Apr 22, 2024
Tracked Since Feb 18, 2026