CVE-2026-22858
EUVD-2026-266914.01.2026, 18:16
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| freerdp | freerdp | 𝑥 < 3.20.1 |
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| Red Hat | Red Hat Enterprise Linux 10 | 2:3.10.3-12.el10_2.2 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 10 | 2:3.10.3-5.el10_1.2 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | 2:3.10.3-3.el10_0.2 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support | 0:2.1.1-5.el7_9.2 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8 | 2:2.11.7-3.el8_10 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | 2:2.0.0-46.rc4.el8_2.7 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 2:2.2.0-8.el8_4 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On | 2:2.2.0-8.el8_4 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support | 2:2.2.0-7.el8_6.2 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service | 2:2.2.0-7.el8_6.2 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions | 2:2.2.0-7.el8_6.2 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service | 2:2.2.0-12.el8_8.2 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions | 2:2.2.0-12.el8_8.2 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 9 | 2:2.11.7-1.el9_7.2 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions | 2:2.4.1-3.el9_0.1 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions | 2:2.4.1-6.el9_2.3 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support | 2:2.11.2-1.el9_4.2 ≤ 𝑥 < * | ADP |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 2:2.11.7-1.el9_6.2 ≤ 𝑥 < * | ADP |
Debian Releases
openSUSE / SLES Releases
openSUSE Product | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| freerdp |
| ||||||||
| freerdp-devel |
| ||||||||
| freerdp-proxy |
| ||||||||
| freerdp-proxy-plugins |
| ||||||||
| freerdp-sdl |
| ||||||||
| freerdp-server |
| ||||||||
| libfreerdp-server-proxy3-3 |
| ||||||||
| libfreerdp3-3 |
| ||||||||
| librdtk0-0 |
| ||||||||
| libwinpr3-3 |
| ||||||||
| winpr-devel |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| freerdp |
| ||||||||||||||||||
| freerdp-devel |
| ||||||||||||||||||
| freerdp-libs |
| ||||||||||||||||||
| libwinpr |
| ||||||||||||||||||
| libwinpr-devel |
|
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| freerdp |
| ||
| freerdp-debuginfo |
| ||
| freerdp-debugsource |
| ||
| freerdp-devel |
| ||
| freerdp-libs |
| ||
| freerdp-libs-debuginfo |
| ||
| freerdp-server |
| ||
| freerdp-server-debuginfo |
| ||
| libwinpr |
| ||
| libwinpr-debuginfo |
| ||
| libwinpr-devel |
|
Common Weakness Enumeration
References