ГлавнаяУязвимости → CVE-2026-44420
8.8высокая

CVE-2026-44420

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0.

Затрагиваемое ПО
Freerdp Freerdp
CVSS
Балл8.8 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mvpx-xj7r-3p3rhttps://access.redhat.com/errata/RHSA-2026:36203https://access.redhat.com/security/cve/CVE-2026-44420https://bugzilla.redhat.com/show_bug.cgi?id=2483480https://github.com/yhirose/cpp-httplib/security/advisories/GHSA-h6wq-j5mv-f3q8https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-44420.json