Skip to main content

Freerdp CVE-2026-23532

CRITICAL
Heap-based Buffer Overflow (CWE-122)
2026-01-19 security-advisories@github.com
Buffer Overflow Denial Of Service Freerdp Red Hat Suse
9.8
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
CRITICAL
qualitative
Red Hat
7.6 HIGH
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Apr 09, 2026 - 20:30 nvd
Patch available
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
PoC Detected
Jan 28, 2026 - 18:48 vuln.today
Public exploit code
CVE Published
Jan 19, 2026 - 17:15 nvd
CRITICAL 9.8

DescriptionGitHub Advisory

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, a client-side heap buffer overflow occurs in the FreeRDP client’s gdi_SurfaceToSurface path due to a mismatch between destination rectangle clamping and the actual copy size. A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.

AnalysisAI

FreeRDP prior to 3.21.0 has a client-side heap buffer overflow that can be triggered by a malicious RDP server during session data processing, enabling remote code execution.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Malicious RDP server sends crafted surface copy command
Exploit
Destination rectangle clamping mismatch occurs
Execution
Heap buffer overflow in gdi_SurfaceToSurface
Impact
Heap corruption and arbitrary code execution
Sign in to reveal

Vulnerability AssessmentAI

Exploitation FreeRDP client versions prior to 3.21.0 must connect to attacker-controlled RDP server. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 9.8 with PoC. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker operates a rogue RDP server that exploits this heap overflow when a victim connects, achieving code execution on the client machine.
Remediation Update FreeRDP to version 3.21.0 or later. Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Identify all affected systems and apply vendor patches immediately. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
Container suse/sl-micro/6.0/baremetal-os-container:latest Container suse/sl-micro/6.0/kvm-os-container:latest Container suse/sl-micro/6.0/rt-os-container:latest Affected
Container suse/sl-micro/6.0/base-os-container:latest Container suse/sl-micro/6.0/toolbox:latest Image SL-Micro Image SLE-Micro Image SLE-Micro-Azure Image SLE-Micro-BYOS Image SLE-Micro-BYOS-Azure Image SLE-Micro-BYOS-EC2 Image SLE-Micro-BYOS-GCE Image SLE-Micro-EC2 Image SLE-Micro-GCE Affected
Container suse/sl-micro/6.1/baremetal-os-container:2.2.1-7.43 Container suse/sl-micro/6.1/kvm-os-container:2.2.1-5.67 Container suse/sl-micro/6.1/rt-os-container:2.2.1-5.57 Affected
Container suse/sl-micro/6.1/base-os-container:2.2.1-5.64 Image SL-Micro-Azure Image SL-Micro-BYOS-Azure Image SL-Micro-BYOS-EC2 Image SL-Micro-BYOS-GCE Image SL-Micro-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-Azure Image SUSE-Multi-Linux-Manager-Proxy-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Proxy-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-Azure-llc Image SUSE-Multi-Linux-Manager-Server-Azure-ltd Image SUSE-Multi-Linux-Manager-Server-BYOS-Azure Image SUSE-Multi-Linux-Manager-Server-BYOS-EC2 Image SUSE-Multi-Linux-Manager-Server-BYOS-GCE Image SUSE-Multi-Linux-Manager-Server-EC2-llc Image SUSE-Multi-Linux-Manager-Server-EC2-ltd Affected
SUSE Liberty Linux 8 Fixed

Share

CVE-2026-23532 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy