CVE-2026-22858

EUVD-2026-2669
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, global-buffer-overflow was observed in FreeRDP's Base64 decoding path. The root cause appears to be implementation-defined char signedness: on Arm/AArch64 builds, plain char is treated as unsigned, so the guard c <= 0 can be optimized into a simple c != 0 check. As a result, non-ASCII bytes (e.g., 0x80-0xFF) may bypass the intended range restriction and be used as an index into a global lookup table, causing out-of-bounds access. This vulnerability is fixed in 3.20.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
freerdpfreerdp
𝑥
< 3.20.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
Red HatRed Hat Enterprise Linux 10
2:3.10.3-12.el10_2.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 10
2:3.10.3-5.el10_1.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 10.0 Extended Update Support
2:3.10.3-3.el10_0.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 7 Extended Lifecycle Support
0:2.1.1-5.el7_9.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8
2:2.11.7-3.el8_10 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.2 Advanced Update Support
2:2.0.0-46.rc4.el8_2.7 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
2:2.2.0-8.el8_4 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On
2:2.2.0-8.el8_4 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
2:2.2.0-7.el8_6.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.6 Telecommunications Update Service
2:2.2.0-7.el8_6.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.6 Update Services for SAP Solutions
2:2.2.0-7.el8_6.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.8 Telecommunications Update Service
2:2.2.0-12.el8_8.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 8.8 Update Services for SAP Solutions
2:2.2.0-12.el8_8.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9
2:2.11.7-1.el9_7.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.0 Update Services for SAP Solutions
2:2.4.1-3.el9_0.1 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.2 Update Services for SAP Solutions
2:2.4.1-6.el9_2.3 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.4 Extended Update Support
2:2.11.2-1.el9_4.2 ≤
𝑥
< *
ADP
Red HatRed Hat Enterprise Linux 9.6 Extended Update Support
2:2.11.7-1.el9_6.2 ≤
𝑥
< *
ADP
Debian logo
Debian Releases
Debian Product
Codename
freerdp2
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
vulnerable
freerdp3
forky
3.27.0+dfsg-1
fixed
sid
3.28.0+dfsg-2
fixed
trixie
3.15.0+dfsg-2.1+deb13u3
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
freerdp
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
freerdp-devel
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
freerdp-proxy
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
freerdp-proxy-plugins
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
freerdp-sdl
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
freerdp-server
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
libfreerdp-server-proxy3-3
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
libfreerdp3-3
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
librdtk0-0
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
libwinpr3-3
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
winpr-devel
suse enterprise desktop 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise sap 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise server 15 SP7
3.10.3-150700.3.3.1
fixed
suse enterprise workstation 15 SP7
3.10.3-150700.3.3.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
freerdp
RHEL 8
2:2.11.7-3.el8_10
fixed
RHEL 8.2 AUS
2:2.0.0-46.rc4.el8_2.7
fixed
RHEL 8.4 AUS
2:2.2.0-8.el8_4
fixed
RHEL 8.6 AUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 E4S
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 TUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.8 E4S
2:2.2.0-12.el8_8.2
fixed
RHEL 8.8 TUS
2:2.2.0-12.el8_8.2
fixed
RHEL 9
2:2.11.7-1.el9_7.2
fixed
freerdp-devel
RHEL 8
2:2.11.7-3.el8_10
fixed
RHEL 9
2:2.11.7-1.el9_7.2
fixed
freerdp-libs
RHEL 8
2:2.11.7-3.el8_10
fixed
RHEL 8.2 AUS
2:2.0.0-46.rc4.el8_2.7
fixed
RHEL 8.4 AUS
2:2.2.0-8.el8_4
fixed
RHEL 8.6 AUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 E4S
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 TUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.8 E4S
2:2.2.0-12.el8_8.2
fixed
RHEL 8.8 TUS
2:2.2.0-12.el8_8.2
fixed
RHEL 9
2:2.11.7-1.el9_7.2
fixed
libwinpr
RHEL 8
2:2.11.7-3.el8_10
fixed
RHEL 8.2 AUS
2:2.0.0-46.rc4.el8_2.7
fixed
RHEL 8.4 AUS
2:2.2.0-8.el8_4
fixed
RHEL 8.6 AUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 E4S
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 TUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.8 E4S
2:2.2.0-12.el8_8.2
fixed
RHEL 8.8 TUS
2:2.2.0-12.el8_8.2
fixed
RHEL 9
2:2.11.7-1.el9_7.2
fixed
libwinpr-devel
RHEL 8
2:2.11.7-3.el8_10
fixed
RHEL 8.2 AUS
2:2.0.0-46.rc4.el8_2.7
fixed
RHEL 8.4 AUS
2:2.2.0-8.el8_4
fixed
RHEL 8.6 AUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 E4S
2:2.2.0-7.el8_6.2
fixed
RHEL 8.6 TUS
2:2.2.0-7.el8_6.2
fixed
RHEL 8.8 E4S
2:2.2.0-12.el8_8.2
fixed
RHEL 8.8 TUS
2:2.2.0-12.el8_8.2
fixed
RHEL 9
2:2.11.7-1.el9_7.2
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
freerdp
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
freerdp-debuginfo
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
freerdp-debugsource
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
freerdp-devel
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
freerdp-libs
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
freerdp-libs-debuginfo
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
freerdp-server
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
freerdp-server-debuginfo
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
libwinpr
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
libwinpr-debuginfo
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed
libwinpr-devel
Amazon Linux 2023
2:3.6.3-1.amzn2023.0.3
fixed