Synopsis:
freerdp security update
Summary:
An update for freerdp is now available for openEuler-22.03-LTS-SP4
Description:
FreeRDP is a client implementation of the Remote Desktop Protocol (RDP) that follows Microsoft's open specifications. This package provides the client applications xfreerdp.
Security Fix(es):
A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout.(CVE-2026-22852)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1.(CVE-2026-22854)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when the cbAttrLen parameter does not match the actual NDR (Network Data Representation) buffer length. An attacker could potentially exploit this vulnerability to read sensitive information from process memory or cause the application to crash.(CVE-2026-22855)
A malicious server can trigger a client-side use after free, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout.(CVE-2026-22856)
A malicious server can trigger a client-side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. The vulnerability exists in the irp_thread_func function.(CVE-2026-22857)
A malicious server can trigger a client‑side heap buffer overflow, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior...
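The length-validation failures described above for CVE-2026-22854 (server-controlled read length with no hard upper bound) and CVE-2026-22855 (declared length not matching the actual buffer length) reduce to the pattern below. This is an added example, not FreeRDP code: the wire layout, `MAX_ATTR_LEN` and both function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (not FreeRDP's): 4-byte LE declared length + payload. */
#define HDR_LEN 4u
#define MAX_ATTR_LEN 4096u /* assumed hard upper bound */

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unchecked pattern, for contrast only (never called): the peer's declared
 * length drives the copy, so it can read past msg and write past out. */
int parse_attr_unchecked(const uint8_t *msg, uint8_t *out)
{
    uint32_t declared = read_le32(msg);
    memcpy(out, msg + HDR_LEN, declared);
    return (int)declared;
}

/* Checked pattern: returns the payload length, or -1 if rejected. */
int parse_attr_checked(const uint8_t *msg, size_t msg_len,
                       uint8_t *out, size_t out_cap)
{
    if (msg_len < HDR_LEN)
        return -1; /* header truncated */
    uint32_t declared = read_le32(msg);
    if (declared > MAX_ATTR_LEN)
        return -1; /* above the hard upper bound */
    if (declared > msg_len - HDR_LEN)
        return -1; /* declared length exceeds the bytes actually received */
    if (declared > out_cap)
        return -1; /* would overflow the destination buffer */
    memcpy(out, msg + HDR_LEN, declared);
    return (int)declared;
}

int main(void)
{
    const uint8_t ok[] = { 3, 0, 0, 0, 'a', 'b', 'c' };     /* constructed */
    const uint8_t lie[] = { 0x40, 0, 0, 0, 'a', 'b', 'c' }; /* claims 64, has 3 */
    uint8_t out[16];
    printf("ok=%d lie=%d\n", parse_attr_checked(ok, sizeof ok, out, sizeof out),
           parse_attr_checked(lie, sizeof lie, out, sizeof out));
    return 0;
}
```

The three comparisons are independent: the first caps the value itself, the second prevents the out-of-bounds read, the third prevents the heap overflow on the destination.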
2.11.8-1.oe2203sp4
Exploitability:
AV:N AC:L PR:N UI:N
Scope:
S:U
Impact:
C:H I:H A:H
9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H