CVE-2026-22855

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.

CVSS

No CVSS.

References

Link	Resource
https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rwp3-g84r-6mx9

Configurations

No configuration.

History

14 Jan 2026, 18:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-01-14 18:16

Updated : 2026-01-14 18:16

NVD link : CVE-2026-22855

Mitre link : CVE-2026-22855

CVE.ORG link : CVE-2026-22855

JSON object : View

Products Affected

No product.

CWE

CWE-125

Out-of-bounds Read

{"id": "CVE-2026-22855", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.6, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-01-14T18:16:43.080", "references": [{"url": "https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1", "source": "security-advisories@github.com"}, {"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rwp3-g84r-6mx9", "source": "security-advisories@github.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-125"}]}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1."}], "lastModified": "2026-01-14T18:16:43.080", "sourceIdentifier": "security-advisories@github.com"}

CVE-2026-22855

JSON object

Attach tags to CVE-2026-22855

Attach tags to `CVE-2026-22855`