CVE-2026-22853

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.
Configurations

Configuration 1 (hide)

cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

History

30 Jun 2026, 03:17

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:19033 -
  • () https://access.redhat.com/errata/RHSA-2026:3068 -
  • () https://access.redhat.com/errata/RHSA-2026:4121 -
  • () https://access.redhat.com/security/cve/CVE-2026-22853 -
  • () https://bugzilla.redhat.com/show_bug.cgi?id=2429647 -
  • () https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22853.json -

17 Jun 2026, 10:20

Type Values Removed Values Added
Summary
  • (es) FreeRDP es una implementación gratuita del Protocolo de Escritorio Remoto. Anterior a la 3.20.1, el lector de arrays NDR de RDPEAR no realiza comprobación de límites en el recuento de elementos en la transmisión y puede escribir más allá del búfer de pila asignado a partir de las sugerencias, causando un desbordamiento de búfer de pila en ndr_read_uint8Array. Esta vulnerabilidad está corregida en la 3.20.1.

20 Jan 2026, 18:39

Type Values Removed Values Added
First Time Freerdp
Freerdp freerdp
References () https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 - () https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 - Release Notes
References () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47v9-p4gp-w5ch - () https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47v9-p4gp-w5ch - Exploit, Vendor Advisory
CPE cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

14 Jan 2026, 18:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-01-14 18:16

Updated : 2026-06-30 03:17


NVD link : CVE-2026-22853

Mitre link : CVE-2026-22853

CVE.ORG link : CVE-2026-22853


JSON object : View

Products Affected

freerdp

  • freerdp
CWE
CWE-787

Out-of-bounds Write