Skip to main content

Suse EUVDEUVD-2026-17225

| CVE-2026-33982 HIGH
Out-of-bounds Read (CWE-125)
2026-03-30 GitHub_M
7.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
7.1 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Ubuntu
MEDIUM
qualitative
SUSE
HIGH
qualitative
Red Hat
6.6 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 30, 2026 - 22:15 euvd
EUVD-2026-17225
Analysis Generated
Mar 30, 2026 - 22:15 vuln.today
CVE Published
Mar 30, 2026 - 21:42 nvd
HIGH 7.1

DescriptionGitHub Advisory

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc(). This issue has been patched in version 3.24.2.

AnalysisAI

Heap-buffer-overflow in FreeRDP's winpr_aligned_offset_recalloc() function allows local attackers with no privileges but requiring user interaction to trigger high-severity information disclosure and denial of service in versions prior to 3.24.2. The vulnerability involves a READ operation at 24 bytes before heap allocation boundaries (CWE-125: Out-of-bounds Read). Vendor-released patch version 3.24.2 available via GitHub commit a48dbde2c8. EPSS data not provided; no public exploit identified at time of analysis. Affects all FreeRDP installations below 3.24.2, tracked across 7 Debian releases.

Technical ContextAI

This vulnerability affects the Windows Portable Runtime (WinPR) component of FreeRDP, specifically the winpr_aligned_offset_recalloc() memory management function. FreeRDP is an open-source implementation of Microsoft's Remote Desktop Protocol widely used for remote access on Linux, Unix, and embedded systems. The flaw represents a classic out-of-bounds read (CWE-125) where the function attempts to read heap memory 24 bytes before the legitimate allocation boundary. This occurs during memory reallocation operations, likely when handling alignment requirements for data structures. The vulnerability's local attack vector (AV:L) indicates exploitation requires local system access rather than network-based attacks, despite FreeRDP's network-facing purpose. The READ nature means attackers can extract sensitive information from adjacent heap memory regions rather than corrupt memory for code execution.

RemediationAI

Upgrade FreeRDP to version 3.24.2 or later, which contains the fix committed in GitHub commit a48dbde2c8a5b8b70a9d1c045d969a71afd6284c. System administrators should update via their distribution's package manager for Debian-based systems or compile from source using the patched release available at the official FreeRDP GitHub repository. The vendor security advisory at https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2 provides additional context. For environments unable to immediately patch, temporary mitigations include restricting local user access to FreeRDP client execution, implementing application allowlisting to prevent unauthorized RDP client usage, and monitoring for unusual FreeRDP process crashes that could indicate exploitation attempts. No workaround eliminates the vulnerability; patching to 3.24.2 is the only complete remediation.

Vendor StatusVendor

Ubuntu

Priority: Medium
freerdp
Release Status Version
xenial needs-triage -
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
freerdp2
Release Status Version
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing DNE -
upstream needs-triage -
freerdp3
Release Status Version
jammy DNE -
noble needs-triage -
questing needs-triage -
upstream needs-triage -

Debian

freerdp2
Release Status Fixed Version Urgency
bullseye vulnerable 2.3.0+dfsg1-2+deb11u1 -
bullseye (security) vulnerable 2.3.0+dfsg1-2+deb11u3 -
bookworm vulnerable 2.11.7+dfsg1-6~deb12u1 -
(unstable) fixed (unfixed) -
freerdp3
Release Status Fixed Version Urgency
trixie vulnerable 3.15.0+dfsg-2.1 -
forky, sid fixed 3.24.2+dfsg-1 -
(unstable) fixed 3.24.2+dfsg-1 -

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

EUVD-2026-17225 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy