Unrated severityOSV Advisory· Published Jan 14, 2026· Updated Feb 26, 2026
FreeRDP has a heap-buffer-overflow in ndr_read_uint8Array
CVE-2026-22853
Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
12- osv-coords10 versionspkg:rpm/almalinux/freerdppkg:rpm/almalinux/freerdp-develpkg:rpm/almalinux/freerdp-libspkg:rpm/almalinux/freerdp-serverpkg:rpm/almalinux/libwinprpkg:rpm/almalinux/libwinpr-develpkg:rpm/opensuse/freerdp&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/freerdp&distro=openSUSE%20Tumbleweedpkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7pkg:rpm/suse/freerdp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
< 2:3.10.3-5.el10_1.2+ 9 more
- (no CPE)range: < 2:3.10.3-5.el10_1.2
- (no CPE)range: < 2:3.10.3-5.el10_1.2
- (no CPE)range: < 2:3.10.3-5.el10_1.2
- (no CPE)range: < 2:3.10.3-5.el10_1.2
- (no CPE)range: < 2:3.10.3-5.el10_1.2
- (no CPE)range: < 2:3.10.3-5.el10_1.2
- (no CPE)range: < 3.22.0-160000.1.1
- (no CPE)range: < 3.20.2-1.1
- (no CPE)range: < 3.10.3-150700.3.3.1
- (no CPE)range: < 3.10.3-150700.3.3.1
Patches
Vulnerability mechanics
References
2- github.com/FreeRDP/FreeRDP/releases/tag/3.20.1mitrex_refsource_MISC
- github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47v9-p4gp-w5chmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.