Skip to main content

Red Hat CVE-2026-33985

| EUVDEUVD-2026-17231 MEDIUM
Out-of-bounds Read (CWE-125)
2026-03-30 GitHub_M
5.9
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
Ubuntu
MEDIUM
qualitative
SUSE
MEDIUM
qualitative
Red Hat
5.3 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 30, 2026 - 22:15 euvd
EUVD-2026-17231
Analysis Generated
Mar 30, 2026 - 22:15 vuln.today
CVE Published
Mar 30, 2026 - 21:43 nvd
MEDIUM 5.9

DescriptionGitHub Advisory

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.

AnalysisAI

FreeRDP versions prior to 3.24.2 leak sensitive heap data to the screen during pixel rendering in remote desktop sessions, allowing unauthenticated remote attackers to obtain confidential information through a man-in-the-middle position or compromised RDP server. The vulnerability requires user interaction (UI:R) and involves out-of-bounds memory read (CWE-125), with CVSS 5.9 reflecting moderate confidentiality impact and low availability degradation. No public exploit code or active exploitation has been confirmed at time of analysis.

Technical ContextAI

FreeRDP implements the Remote Desktop Protocol (RDP), which transmits graphical desktop environments over network connections. The vulnerability stems from an out-of-bounds read (CWE-125) in pixel data handling during frame buffer rendering. When processing RDP protocol messages containing pixel data, the implementation fails to properly validate memory boundaries, allowing adjacent heap memory contents to be included in rendered output sent back to the client or displayed on screen. This is a classic heap buffer over-read where pixel decoding routines read past the allocated buffer into uninitialized or sensitive heap regions. The affected CPE string (cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*) indicates all versions before patching are vulnerable.

RemediationAI

Vendor-released patch: FreeRDP 3.24.2. Update to version 3.24.2 or later immediately. Consult the official FreeRDP security advisory at https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85 for release notes and verification instructions. For Debian and Ubuntu users, check apt repositories for updated freerdp package versions corresponding to 3.24.2 or later. For downstream consumers of FreeRDP (terminal servers, RDP gateways, embedded clients), verify that your application vendor has released updates incorporating the patched FreeRDP version. Temporary mitigation is limited-network segregation of RDP connections and restriction of RDP traffic to trusted servers reduces attack surface until patching is completed.

Vendor StatusVendor

Ubuntu

Priority: Medium
freerdp
Release Status Version
xenial needs-triage -
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
freerdp2
Release Status Version
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing DNE -
upstream needs-triage -
freerdp3
Release Status Version
jammy DNE -
noble needs-triage -
questing needs-triage -
upstream needs-triage -

Debian

freerdp2
Release Status Fixed Version Urgency
bullseye vulnerable 2.3.0+dfsg1-2+deb11u1 -
bullseye (security) vulnerable 2.3.0+dfsg1-2+deb11u3 -
bookworm vulnerable 2.11.7+dfsg1-6~deb12u1 -
(unstable) fixed (unfixed) -
freerdp3
Release Status Fixed Version Urgency
trixie vulnerable 3.15.0+dfsg-2.1 -
forky, sid fixed 3.24.2+dfsg-1 -
(unstable) fixed 3.24.2+dfsg-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

CVE-2026-33985 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy