Count: 13
Vulnerability | CVSS | EPSS | Published | |
|---|---|---|---|---|
BDU:2026-00620 Vulnerability in the FreeRDP RDP client caused by an operation exceeding the bounds of a memory buffer, allowing an attacker to cause a denial of service | CVSS3: 6.8 | 0% Low | about 1 year ago | |
CVE-2026-22858 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1. | CVSS3: 9.1 | 0% Low | 2 months ago | |
CVE-2026-22858 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1. | CVSS3: 7.4 | 0% Low | 2 months ago | |
CVE-2026-22858 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1. | CVSS3: 9.1 | 0% Low | 2 months ago | |
CVE-2026-22858 FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ... | CVSS3: 9.1 | 0% Low | 2 months ago | |
RLSA-2026:3334 Important: freerdp security update | | | about 1 month ago | |
RLSA-2026:3067 Important: freerdp security update | | | about 1 month ago | |
ELSA-2026-3334 ELSA-2026-3334: freerdp security update (IMPORTANT) | | | about 1 month ago | |
ELSA-2026-3067 ELSA-2026-3067: freerdp security update (IMPORTANT) | | | about 1 month ago | |
RLSA-2026:3068 Important: freerdp security update | | | about 1 month ago | |
ELSA-2026-3068 ELSA-2026-3068: freerdp security update (IMPORTANT) | | | about 1 month ago | |
SUSE-SU-2026:0345-1 Security update for freerdp | | | about 2 months ago | |
openSUSE-SU-2026:20339-1 Security update for freerdp | | | 19 days ago | |