Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-25942

Опубликовано: 25 фев. 2026
Источник: redhat
CVSS3: 4.3

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_rail_server_execute_result indexes the global error_code_names[] array (7 elements, indices 0–6) with an unchecked execResult->execResult value received from the server, allowing an out-of-bounds read when the server sends an execResult value of 7 or greater. Version 3.23.0 fixes the issue.

A flaw was found in FreeRDP. A malicious server can exploit this vulnerability by sending a specially crafted execResult value (7 or greater) to the client. This unchecked value is used to index an array, leading to an out-of-bounds read in the xf_rail_server_execute_result function. This can potentially cause a denial of service in the client application.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10freerdpFix deferred
Red Hat Enterprise Linux 6freerdpFix deferred
Red Hat Enterprise Linux 7freerdpFix deferred
Red Hat Enterprise Linux 8freerdpFix deferred
Red Hat Enterprise Linux 9freerdpFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=2442756freerdp: FreeRDP: Denial of Service via out-of-bounds read from malicious server input

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-25942

CVSS3: 7.5
ubuntu
около 1 месяца назад

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_execute_result` indexes the global `error_code_names[]` array (7 elements, indices 0–6) with an unchecked `execResult->execResult` value received from the server, allowing an out-of-bounds read when the server sends an `execResult` value of 7 or greater. Version 3.23.0 fixes the issue.

nvd логотип

CVE-2026-25942

CVSS3: 7.5
nvd
около 1 месяца назад

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_rail_server_execute_result` indexes the global `error_code_names[]` array (7 elements, indices 0–6) with an unchecked `execResult->execResult` value received from the server, allowing an out-of-bounds read when the server sends an `execResult` value of 7 or greater. Version 3.23.0 fixes the issue.

debian логотип

CVE-2026-25942

CVSS3: 7.5
debian
около 1 месяца назад

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...

4.3 Medium

CVSS3