Nixpkgs Security Tracker

Permalink CVE-2026-22854

updated 3 weeks, 4 days ago by @LeSuisse Activity log

Created automatic suggestion 3 weeks, 5 days ago
@LeSuisse removed maintainer @peterhoeg 3 weeks, 4 days ago
@LeSuisse accepted 3 weeks, 4 days ago
@LeSuisse published on GitHub 3 weeks, 4 days ago

FreeRDP has a heap-buffer-overflow in drive_process_irp_read

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1.

Affected products

FreeRDP

==< 3.20.1

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.17.2
- nixpkgs-unstable 3.17.2
- nixos-unstable-small 3.17.2
nixos-25.05 3.15.0
- nixos-25.05-small 3.15.0
- nixpkgs-25.05-darwin 3.15.0

Package maintainers

Ignored maintainers (1)

@peterhoeg Peter Hoeg <peter@hoeg.com>

Permalink CVE-2026-22857

updated 3 weeks, 4 days ago by @LeSuisse Activity log

Created automatic suggestion 3 weeks, 5 days ago
@LeSuisse accepted 3 weeks, 4 days ago
@LeSuisse published on GitHub 3 weeks, 4 days ago

FreeRDP has a heap-use-after-free in irp_thread_func

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.

Affected products

FreeRDP

==< 3.20.1

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.17.2
- nixpkgs-unstable 3.17.2
- nixos-unstable-small 3.17.2
nixos-25.05 3.15.0
- nixos-25.05-small 3.15.0
- nixpkgs-25.05-darwin 3.15.0

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>

Upstream advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gxq-jhq6-4cr8

Permalink CVE-2026-22853

updated 3 weeks, 4 days ago by @LeSuisse Activity log

Created automatic suggestion 3 weeks, 5 days ago
@LeSuisse accepted 3 weeks, 4 days ago
@LeSuisse published on GitHub 3 weeks, 4 days ago

FreeRDP has a heap-buffer-overflow in ndr_read_uint8Array

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.

Affected products

FreeRDP

==< 3.20.1

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.17.2
- nixpkgs-unstable 3.17.2
- nixos-unstable-small 3.17.2
nixos-25.05 3.15.0
- nixos-25.05-small 3.15.0
- nixpkgs-25.05-darwin 3.15.0

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>

Upstream advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47v9-p4gp-w5ch

Permalink CVE-2026-22852

updated 3 weeks, 5 days ago by @LeSuisse Activity log

Created automatic suggestion 3 weeks, 5 days ago
@LeSuisse accepted 3 weeks, 5 days ago
@LeSuisse published on GitHub 3 weeks, 5 days ago

FreeRDP has a heap-buffer-overflow in audin_process_formats

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across multiple MSG_SNDIN_FORMATS PDUs and writes past the newly allocated formats array, causing memory corruption and a crash. This vulnerability is fixed in 3.20.1.

Affected products

FreeRDP

==< 3.20.1

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.17.2
- nixpkgs-unstable 3.17.2
- nixos-unstable-small 3.17.2
nixos-25.05 3.15.0
- nixos-25.05-small 3.15.0
- nixpkgs-25.05-darwin 3.15.0

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>

Upstream advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9chc-g79v-4qq4

Permalink CVE-2026-22856

updated 3 weeks, 5 days ago by @LeSuisse Activity log

Created automatic suggestion 3 weeks, 5 days ago
@LeSuisse accepted 3 weeks, 5 days ago
@LeSuisse published on GitHub 3 weeks, 5 days ago

FreeRDP has a heap-use-after-free in create_irp_thread

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1.

Affected products

FreeRDP

==< 3.20.1

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.17.2
- nixpkgs-unstable 3.17.2
- nixos-unstable-small 3.17.2
nixos-25.05 3.15.0
- nixos-25.05-small 3.15.0
- nixpkgs-25.05-darwin 3.15.0

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>

Upstream advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w842-c386-fxhv

Suggestions search

Affected products

Matching in nixpkgs

pkgs.freerdp

Package maintainers

Affected products

Matching in nixpkgs

pkgs.freerdp

Package maintainers

Affected products

Matching in nixpkgs

pkgs.freerdp

Package maintainers

Affected products

Matching in nixpkgs

pkgs.freerdp

Package maintainers

Affected products

Matching in nixpkgs

pkgs.freerdp

Package maintainers