NIXPKGS-2026-0878

GitHub issue published on

Permalink CVE-2026-33982

7.1 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Local (L)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): Required (R)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): None (N)
Availability (A): High (H)
Modified Attack Vector (MAV): Local (L)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): Required (R)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): High (H)

updated 1 month, 4 weeks ago by @mweinelt Activity log

Created suggestion 1 month, 4 weeks ago
@mweinelt accepted 1 month, 4 weeks ago
@mweinelt published on GitHub 1 month, 4 weeks ago

FreeRDP: Persistent Cache Allocator Mismatch - Heap OOB Read

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc(). This issue has been patched in version 3.24.2.

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2 x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/a48dbde2c8a5b8b70a9d1c045d969a71afd6284c x_refsource_MISC

Affected products

FreeRDP

==< 3.24.2

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.24.1
- nixpkgs-unstable 3.24.1
- nixos-unstable-small 3.24.2
nixos-25.11 3.23.0
- nixos-25.11-small 3.23.0
- nixpkgs-25.11-darwin 3.23.0

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0878

References

Affected products

Matching in nixpkgs

pkgs.freerdp

Package maintainers