CVE-2026-31885

Опубликовано: 13 мар. 2026

Источник: nvd

CVSS3: 6.5

CVSS3: 9.4

EPSS Низкий

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. This vulnerability is fixed in 3.24.0.

Ссылки

https://github.com/FreeRDP/FreeRDP/commit/16df2300e1e3f5a51f68fb1626429e58b531b7c8
Patch
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h23r-3988-3wf3
Exploit
Patch
Vendor Advisory
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h23r-3988-3wf3
Exploit
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

Версия до 3.24.0 (исключая)

EPSS

Процентиль: 10%

0.00034

Низкий

6.5 Medium

CVSS3

9.4 Critical

CVSS3

Дефекты

CWE-125

Связанные уязвимости

CVE-2026-31885

CVSS3: 6.5

ubuntu

14 дней назад

CVE-2026-31885

CVSS3: 6.5

redhat

14 дней назад

An out of bounds read flaw has been discovered in FreeRDP. This out-of-bounds read exists in the MS-ADPCM and IMA-ADPCM decoders due to unchecked predictor and step_index values from input data. An attacker may be able to leverage this weakness to leak global data.

CVE-2026-31885

CVSS3: 6.5

debian

14 дней назад

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...

EPSS

Процентиль: 10%

0.00034

Низкий

6.5 Medium

CVSS3

9.4 Critical

CVSS3

Дефекты

CWE-125