9.1

CVE-2026-22855

Exploit

FreeRDP has a heap-buffer-overflow in smartcard_unpack_set_attrib_call

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FreerdpFreerdp Version < 3.20.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.76% 0.505
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
security-advisories@github.com 5.6 0 0
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
0b0ca135-0b70-47e7-9f44-1890c2a1c46c 7.4 2.2 5.2
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1
Release Notes
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rwp3-g84r-6mx9
Vendor Advisory
Exploit
https://access.redhat.com/errata/RHSA-2026:19033
https://access.redhat.com/errata/RHSA-2026:3068
https://access.redhat.com/errata/RHSA-2026:4121
https://access.redhat.com/errata/RHSA-2026:3067
https://access.redhat.com/errata/RHSA-2026:3334
https://access.redhat.com/errata/RHSA-2026:3975
https://access.redhat.com/errata/RHSA-2026:4437
https://access.redhat.com/errata/RHSA-2026:4438
https://access.redhat.com/errata/RHSA-2026:4439
https://access.redhat.com/errata/RHSA-2026:4440
https://access.redhat.com/errata/RHSA-2026:4446
https://access.redhat.com/errata/RHSA-2026:4471
https://access.redhat.com/errata/RHSA-2026:4489
https://access.redhat.com/security/cve/CVE-2026-22855
https://bugzilla.redhat.com/show_bug.cgi?id=2429645
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-22855.json