Nixpkgs security tracker

Published

Permalink CVE-2026-22853

updated 4 months, 1 week ago by @LeSuisse Activity log

Created suggestion 4 months, 1 week ago
@LeSuisse accepted 4 months, 1 week ago
@LeSuisse published on GitHub 4 months, 1 week ago

FreeRDP has a heap-buffer-overflow in ndr_read_uint8Array

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47v9-p4gp-w5ch x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 x_refsource_MISC

Affected products

FreeRDP

==< 3.20.1

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.17.2
- nixpkgs-unstable 3.17.2
- nixos-unstable-small 3.17.2

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>

Upstream advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47v9-p4gp-w5ch

Published

Permalink CVE-2026-22852

updated 4 months, 1 week ago by @LeSuisse Activity log

Created suggestion 4 months, 1 week ago
@LeSuisse accepted 4 months, 1 week ago
@LeSuisse published on GitHub 4 months, 1 week ago

FreeRDP has a heap-buffer-overflow in audin_process_formats

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across multiple MSG_SNDIN_FORMATS PDUs and writes past the newly allocated formats array, causing memory corruption and a crash. This vulnerability is fixed in 3.20.1.

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9chc-g79v-4qq4 x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 x_refsource_MISC

Affected products

FreeRDP

==< 3.20.1

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.17.2
- nixpkgs-unstable 3.17.2
- nixos-unstable-small 3.17.2

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>

Upstream advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9chc-g79v-4qq4

Published

Permalink CVE-2026-22856

updated 4 months, 1 week ago by @LeSuisse Activity log

Created suggestion 4 months, 1 week ago
@LeSuisse accepted 4 months, 1 week ago
@LeSuisse published on GitHub 4 months, 1 week ago

FreeRDP has a heap-use-after-free in create_irp_thread

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race in the serial channel IRP thread tracking allows a heap use‑after‑free when one thread removes an entry from serial->IrpThreads while another reads it. This vulnerability is fixed in 3.20.1.

References

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w842-c386-fxhv x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 x_refsource_MISC

Affected products

FreeRDP

==< 3.20.1

Matching in nixpkgs

pkgs.freerdp

Remote Desktop Protocol Client

nixos-unstable 3.17.2
- nixpkgs-unstable 3.17.2
- nixos-unstable-small 3.17.2

Package maintainers

@peterhoeg Peter Hoeg <peter@hoeg.com>

Upstream advisory: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w842-c386-fxhv

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.freerdp

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.freerdp

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.freerdp

Package maintainers