Описание
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A malicious server can trigger a client-side heap buffer overflow in the ClearCodec bands decode path. This vulnerability, caused by crafted band coordinates, allows writes past the end of the destination surface buffer. Successful exploitation can lead to a crash, resulting in a denial of service (DoS), and potentially arbitrary code execution.
Отчет
For this vulnerability to be exploited, a client must connect to a maliciously-configured server. Red Hat recommends that FreeRDP clients are only used to connect to trusted servers.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | freerdp | Will not fix | ||
| Red Hat Enterprise Linux 7 | freerdp | Not affected | ||
| Red Hat Enterprise Linux 10 | freerdp | Fixed | RHSA-2026:2222 | 09.02.2026 |
| Red Hat Enterprise Linux 10.0 Extended Update Support | freerdp | Fixed | RHSA-2026:2952 | 18.02.2026 |
| Red Hat Enterprise Linux 8 | freerdp | Fixed | RHSA-2026:2081 | 05.02.2026 |
| Red Hat Enterprise Linux 9 | freerdp | Fixed | RHSA-2026:2048 | 05.02.2026 |
| Red Hat Enterprise Linux 9.4 Extended Update Support | freerdp | Fixed | RHSA-2026:2736 | 16.02.2026 |
| Red Hat Enterprise Linux 9.6 Extended Update Support | freerdp | Fixed | RHSA-2026:3037 | 23.02.2026 |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
7.6 High
CVSS3
Связанные уязвимости
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the ClearCodec bands decode path when crafted band coordinates allow writes past the end of the destination surface buffer. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...
Уязвимость функции clear_decompress_bands_data() RDP-клиента FreeRDP, позволяющая нарушителю выполнить произвольный код и вызвать отказ в обслуживании
EPSS
7.6 High
CVSS3