Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-23732

Опубликовано: 19 янв. 2026
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts cbData/remaining length and never validates against the minimum size implied by cx/cy. A malicious server can trigger a client‑side global buffer overflow, causing a crash (DoS). Version 3.21.0 contains a patch for the issue.

A flaw was found in FreeRDP. A malicious server can exploit a vulnerability in FastGlyph parsing, which improperly trusts data length without sufficient validation. This can lead to a client-side global buffer overflow, resulting in a denial of service (DoS) due to a crash. For this vulnerability to be exploited, a client must connect to a maliciously-configured server.

Отчет

For this vulnerability to be exploited, a client must connect to a maliciously-configured server. Red Hat recommends that FreeRDP clients are only used to connect to trusted servers.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10freerdpAffected
Red Hat Enterprise Linux 6freerdpAffected
Red Hat Enterprise Linux 7freerdpAffected
Red Hat Enterprise Linux 8freerdpAffected
Red Hat Enterprise Linux 9freerdpAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=2430881freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow

EPSS

Процентиль: 32%
0.00128
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-23732

CVSS3: 7.5
ubuntu
2 месяца назад

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can trigger a client‑side global buffer overflow, causing a crash (DoS). Version 3.21.0 contains a patch for the issue.

nvd логотип

CVE-2026-23732

CVSS3: 7.5
nvd
2 месяца назад

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, FastGlyph parsing trusts `cbData`/remaining length and never validates against the minimum size implied by `cx/cy`. A malicious server can trigger a client‑side global buffer overflow, causing a crash (DoS). Version 3.21.0 contains a patch for the issue.

debian логотип

CVE-2026-23732

CVSS3: 7.5
debian
2 месяца назад

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...

fstec логотип

BDU:2026-00660

CVSS3: 5.3
fstec
2 месяца назад

Уязвимость функции Glyph_Alloc() RDP-клиента FreeRDP, позволяющая нарушителю вызвать отказ в обслуживании

suse-cvrf логотип

SUSE-SU-2026:0761-1

suse-cvrf
26 дней назад

Security update for freerdp

EPSS

Процентиль: 32%
0.00128
Низкий

6.5 Medium

CVSS3