VYPR
Unrated severityOSV Advisory· Published Jan 14, 2026· Updated Feb 26, 2026

FreeRDP has a heap-buffer-overflow in ndr_read_uint8Array

CVE-2026-22853

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

12

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.