CVE-2024-22211: 
NixOS vulnerability analysis and mitigation

FreeRDP, a free and open source remote desktop protocol library and clients, was found to contain a vulnerability (CVE-2024-22211) involving an integer overflow in freerdp_bitmap_planar_context_reset that leads to heap-buffer overflow. This vulnerability affects FreeRDP-based clients, while FreeRDP server implementations and proxy are not affected. The issue was discovered and addressed in versions 2.11.5 and 3.2.0 (GitHub Advisory).

The vulnerability stems from an integer overflow in the freerdp_bitmap_planar_context_reset function where a malicious server could prepare a RDPGFX_RESET_GRAPHICS_PDU to allocate too small buffers. The issue occurs when the multiplied value of context->maxWidth and context->maxHeight becomes larger than (1<<32), leading to an integer overflow. This results in insufficient buffer allocation, potentially triggering later out-of-bound read/write operations (GitHub Patch). The vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL by NIST, while GitHub rates it as LOW with a score of 3.7 (NVD).

While the vulnerability could potentially lead to code execution, data extraction over the network is not possible as the affected buffers are only used to display images. The primary impact is the potential for denial of service or possible arbitrary code execution if a user is tricked into connecting to a malicious server (Ubuntu Notice).

Users are advised to upgrade to FreeRDP version 2.11.5 or 3.2.0, which contain the fix for this vulnerability. There are no known workarounds for this vulnerability other than updating to the patched versions (GitHub Advisory).