Skip to main content

Red Hat CVE-2026-33987

| EUVDEUVD-2026-17235 HIGH
Heap-based Buffer Overflow (CWE-122)
2026-03-30 GitHub_M
7.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.1 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Ubuntu
MEDIUM
qualitative
SUSE
HIGH
qualitative
Red Hat
7.8 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 30, 2026 - 22:15 euvd
EUVD-2026-17235
Analysis Generated
Mar 30, 2026 - 22:15 vuln.today
CVE Published
Mar 30, 2026 - 21:43 nvd
HIGH 7.1

DescriptionGitHub Advisory

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This issue has been patched in version 3.24.2.

AnalysisAI

Heap buffer overflow in FreeRDP's persistent bitmap cache handling allows local attackers to corrupt memory integrity and crash the RDP client. Affecting all versions prior to 3.24.2, the vulnerability (CWE-122) occurs when memory reallocation fails but the buffer size variable is prematurely updated, creating a size/pointer mismatch. EPSS data not available, but marked medium priority by Ubuntu. No public exploit identified at time of analysis, though technical details are disclosed in the GitHub Security Advisory.

Technical ContextAI

FreeRDP is an open-source implementation of Microsoft's Remote Desktop Protocol (RDP), widely used for remote desktop connectivity across platforms. The vulnerability resides in libfreerdp/cache/persistent.c within the persistent_cache_read_entry_v3() function, which handles persistent bitmap caching to optimize RDP session performance. The flaw is a classic heap buffer overflow (CWE-122) stemming from improper synchronization between buffer size tracking and memory allocation. Specifically, the code updates the persistent->bmpSize variable before calling winpr_aligned_recalloc() to resize persistent->bmpData. If realloc() fails due to memory exhaustion or other conditions, bmpSize reflects the intended larger size while bmpData still points to the original smaller buffer. Subsequent operations using the inflated bmpSize on the undersized buffer can write beyond allocated heap boundaries, corrupting adjacent memory structures. This represents a Time-of-Check-Time-of-Use (TOCTOU) style error in resource management during cache deserialization.

RemediationAI

Upgrade to FreeRDP version 3.24.2 or later, which contains the complete fix for the heap buffer overflow via commit 1a890eb43492b5eb707cb3dd6fc908f696e8fc1c. The patch corrects the order of operations in persistent_cache_read_entry_v3() to ensure bmpSize is only updated after successful memory reallocation, eliminating the size/pointer desynchronization. For Linux distributions, apply vendor-provided security updates through standard package managers (apt, yum, dnf) as Ubuntu and Debian maintainers release patched packages for tracked releases. Organizations unable to immediately upgrade should implement defense-in-depth controls: restrict RDP client usage to trusted connection sources only, disable persistent bitmap caching if operationally feasible via FreeRDP configuration options, and deploy endpoint detection solutions to monitor for abnormal RDP client behavior or crashes. Review and sanitize any RDP connection files (.rdp) from untrusted sources before use. System administrators should audit environments for applications embedding vulnerable libfreerdp versions and coordinate updates with application vendors. Full technical details and patch available at https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ff8h-p5vc-wcwc and commit reference https://github.com/FreeRDP/FreeRDP/commit/1a890eb43492b5eb707cb3dd6fc908f696e8fc1c.

Vendor StatusVendor

Ubuntu

Priority: Medium
freerdp
Release Status Version
xenial needs-triage -
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
freerdp2
Release Status Version
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing DNE -
upstream needs-triage -
freerdp3
Release Status Version
jammy DNE -
noble needs-triage -
questing needs-triage -
upstream needs-triage -

Debian

freerdp2
Release Status Fixed Version Urgency
bullseye vulnerable 2.3.0+dfsg1-2+deb11u1 -
bullseye (security) vulnerable 2.3.0+dfsg1-2+deb11u3 -
bookworm vulnerable 2.11.7+dfsg1-6~deb12u1 -
(unstable) fixed (unfixed) -
freerdp3
Release Status Fixed Version Urgency
trixie vulnerable 3.15.0+dfsg-2.1 -
forky, sid fixed 3.24.2+dfsg-1 -
(unstable) fixed 3.24.2+dfsg-1 -

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

CVE-2026-33987 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy