NIXPKGS-2026-0202

GitHub issue published on 10 Feb 2026

Permalink CVE-2026-24684

updated 1 month, 3 weeks ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 3 weeks ago
@LeSuisse accepted 1 month, 3 weeks ago
@LeSuisse published on GitHub 1 month, 3 weeks ago

FreeRDP has a Heap-use-after-free in play_thread

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcgv-xgjp-h83q x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/622bb7b4402491ca003f47472d0e478132673696 x_refsource_MISC
https://github.com/FreeRDP/FreeRDP/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5 x_refsource_MISC
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcgv-xgjp-h83q x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/622bb7b4402491ca003f47472d0e478132673696 x_refsource_MISC
https://github.com/FreeRDP/FreeRDP/commit/afa6851dc80835d3101e40fcef51b6c5c0f43ea5 x_refsource_MISC

Affected products

FreeRDP

==< 3.22.0

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.21.0
- nixpkgs-unstable 3.21.0
- nixos-unstable-small 3.21.0
nixos-25.11 3.21.0
- nixos-25.11-small 3.21.0
- nixpkgs-25.11-darwin 3.21.0

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>

Upstream advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcgv-xgjp-h83q
Release notes: https://www.freerdp.com/2026/01/28/3_22_0-release

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0202

References

Affected products

Matching in nixpkgs

pkgs.freerdp

Package maintainers