Bug 2429645 (CVE-2026-22855) - CVE-2026-22855 freerdp: FreeRDP heap-buffer-overflow
Summary: CVE-2026-22855 freerdp: FreeRDP heap-buffer-overflow
Keywords:
Status: NEW
Alias: CVE-2026-22855
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2429792 2429804 2429808 2429802 2429806
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-01-14 18:01 UTC by OSIDB Bzimport
Modified: 2026-03-12 14:28 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:3067 0 None None None 2026-02-23 10:46:24 UTC
Red Hat Product Errata RHSA-2026:3068 0 None None None 2026-02-23 10:10:05 UTC
Red Hat Product Errata RHSA-2026:3334 0 None None None 2026-02-25 11:15:35 UTC
Red Hat Product Errata RHSA-2026:3975 0 None None None 2026-03-09 02:00:44 UTC
Red Hat Product Errata RHSA-2026:4121 0 None None None 2026-03-09 18:01:14 UTC
Red Hat Product Errata RHSA-2026:4437 0 None None None 2026-03-12 08:29:01 UTC
Red Hat Product Errata RHSA-2026:4438 0 None None None 2026-03-12 08:55:45 UTC
Red Hat Product Errata RHSA-2026:4439 0 None None None 2026-03-12 08:49:43 UTC
Red Hat Product Errata RHSA-2026:4440 0 None None None 2026-03-12 09:06:45 UTC
Red Hat Product Errata RHSA-2026:4446 0 None None None 2026-03-12 09:11:20 UTC
Red Hat Product Errata RHSA-2026:4471 0 None None None 2026-03-12 13:27:07 UTC
Red Hat Product Errata RHSA-2026:4489 0 None None None 2026-03-12 14:28:30 UTC

Description OSIDB Bzimport 2026-01-14 18:01:12 UTC 
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap out-of-bounds read occurs in the smartcard SetAttrib path when cbAttrLen does not match the actual NDR buffer length. This vulnerability is fixed in 3.20.1.
Comment 2 errata-xmlrpc 2026-02-23 10:10:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:3068 https://access.redhat.com/errata/RHSA-2026:3068
Comment 3 errata-xmlrpc 2026-02-23 10:46:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:3067 https://access.redhat.com/errata/RHSA-2026:3067
Comment 4 errata-xmlrpc 2026-02-25 11:15:34 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:3334 https://access.redhat.com/errata/RHSA-2026:3334
Comment 5 errata-xmlrpc 2026-03-09 02:00:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:3975 https://access.redhat.com/errata/RHSA-2026:3975
Comment 6 errata-xmlrpc 2026-03-09 18:01:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:4121 https://access.redhat.com/errata/RHSA-2026:4121
Comment 7 errata-xmlrpc 2026-03-12 08:29:01 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:4437 https://access.redhat.com/errata/RHSA-2026:4437
Comment 8 errata-xmlrpc 2026-03-12 08:49:42 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:4439 https://access.redhat.com/errata/RHSA-2026:4439
Comment 9 errata-xmlrpc 2026-03-12 08:55:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:4438 https://access.redhat.com/errata/RHSA-2026:4438
Comment 10 errata-xmlrpc 2026-03-12 09:06:44 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:4440 https://access.redhat.com/errata/RHSA-2026:4440
Comment 11 errata-xmlrpc 2026-03-12 09:11:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:4446 https://access.redhat.com/errata/RHSA-2026:4446
Comment 12 errata-xmlrpc 2026-03-12 13:27:06 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:4471 https://access.redhat.com/errata/RHSA-2026:4471
Comment 13 errata-xmlrpc 2026-03-12 14:28:29 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:4489 https://access.redhat.com/errata/RHSA-2026:4489
Note You need to log in before you can comment on or make changes to this bug.