Heap-based buffer overflow in FreeRDP - #VU136920
Published: July 6, 2026
FreeRDP
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service and potentially execute arbitrary code.
The vulnerability exists due to heap-based buffer overflow in crypto_rsa_common() when decrypting a client-supplied encrypted client random during server key establishment. A remote attacker can send a specially crafted ciphertext to cause a denial of service and potentially execute arbitrary code.
The issue is reachable pre-authentication on server-side deployments that permit RDP Standard Security, and user interaction is not required.