CVE-2026-44420
EUVD-2026-3343529.05.2026, 20:16
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| freerdp | freerdp | 𝑥 < 3.26.0 |
𝑥
= Vulnerable software versions
Debian Releases
Amazon Linux Releases
Amazon Package | |||||
|---|---|---|---|---|---|
| freerdp |
| ||||
| freerdp-debuginfo |
| ||||
| freerdp-debugsource |
| ||||
| freerdp-devel |
| ||||
| freerdp-libs |
| ||||
| freerdp-libs-debuginfo |
| ||||
| freerdp-server |
| ||||
| freerdp-server-debuginfo |
| ||||
| libwinpr |
| ||||
| libwinpr-debuginfo |
| ||||
| libwinpr-devel |
|
Common Weakness Enumeration
- CWE-122 - Heap-based Buffer OverflowA heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
- CWE-131 - Incorrect Calculation of Buffer SizeThe software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
References