Main Vulnerability Database Vulnerabilities #VU134505

Heap-based buffer overflow in FreeRDP - #VU134505

Published: June 15, 2026

Vulnerability identifier: #VU134505

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: N/A

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: FreeRDP

Affected software:
FreeRDP

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code or cause a denial of service.

The vulnerability exists due to heap-based buffer overflow in rpc_client_recv_fragment() in the TS Gateway RPC response reassembly logic when processing a crafted PTYPE_RESPONSE PDU on the RPC OUT channel after gateway negotiation. A remote attacker can send a specially crafted gateway response with a small alloc_hint and oversized stub data to execute arbitrary code or cause a denial of service.

Only FreeRDP clients using TS Gateway / RD Gateway transport are affected; direct RDP connections without the gateway RPC layer are not affected. In default builds the issue may abort via an assertion, while release builds without assertion enforcement may permit exploitation.

Remediation

Install security update from vendor's website.

Heap-based buffer overflow in FreeRDP - #VU134505

Detailed vulnerability description

Remediation

Sources

Please verify you're human