VDB
BDU:2026-00662
PUBLISHED
CVSS 7.8 HIGH
Vulnerability in the gdi_set_bounds() function of the FreeRDP RDP client that allows an attacker to execute arbitrary code and cause a denial of service
Risk Scores
CVSS 2.0
7.8
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| АО «ИВК», Free Software Foundation, Inc. | АЛЬТ СП 10, FreeRDP | |
| FreeRDP | FreeRDP | < 3.21.0 |
Exploit Intelligence
- https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/libfreerdp/cache/offscreen.c#L114-L122 (circl)
- https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/libfreerdp/cache/offscreen.c#L87-L91 (circl)
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cfgj-vc84-f3pp (circl)
- https://altsp.su/obnovleniya-bezopasnosti/ (circl)
- https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 (circl)
- CIRCL seen: CVE-2026-23884 (circl-sighting)
Timeline
- Jan 19, 2026 CVE Published
- Jan 19, 2026 PoC Published
- Jan 27, 2026 CVE Updated
References
- https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cfgj-vc84-f3pp url
- https://altsp.su/obnovleniya-bezopasnosti/ url
- https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0 advisory
- https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/libfreerdp/cache/offscreen.c#L114-L122 url
- https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/libfreerdp/cache/offscreen.c#L87-L91 url