NIXPKGS-2026-0202

GitHub issue published on 10 Feb 2026

Permalink CVE-2026-24684

updated 2 days, 2 hours ago by @LeSuisse Activity log

Created automatic suggestion 2 days, 6 hours ago
@LeSuisse accepted 2 days, 2 hours ago
@LeSuisse published on GitHub 2 days, 2 hours ago

FreeRDP has a Heap-use-after-free in play_thread

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.

Affected products

FreeRDP

==< 3.22.0

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.21.0
- nixpkgs-unstable 3.21.0
- nixos-unstable-small 3.21.0
nixos-25.11 3.21.0
- nixos-25.11-small 3.21.0
- nixpkgs-25.11-darwin 3.21.0

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>

Upstream advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-vcgv-xgjp-h83q
Release notes: https://www.freerdp.com/2026/01/28/3_22_0-release

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0202

Affected products

Matching in nixpkgs

pkgs.freerdp

Package maintainers