NIXPKGS-2026-0878

GitHub issue published on 31 Mar 2026

Permalink CVE-2026-33982

7.1 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): HIGH

updated 15 hours ago by @mweinelt Activity log

Created automatic suggestion 1 day ago
@mweinelt accepted 16 hours ago
@mweinelt published on GitHub 15 hours ago

FreeRDP: Persistent Cache Allocator Mismatch - Heap OOB Read

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc(). This issue has been patched in version 3.24.2.

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2 x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/a48dbde2c8a5b8b70a9d1c045d969a71afd6284c x_refsource_MISC

Affected products

FreeRDP

==< 3.24.2

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.24.1
- nixpkgs-unstable 3.24.1
- nixos-unstable-small 3.24.2
nixos-25.11 3.23.0
- nixos-25.11-small 3.23.0
- nixpkgs-25.11-darwin 3.23.0

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2

Nixpkgs Security Tracker

Details of issue NIXPKGS-2026-0878

References

Affected products

Matching in nixpkgs

pkgs.freerdp

Package maintainers