FreeRDP Heap Buffer Overflow Vulnerability in URBDRC Client Prior to 3.22.0

Vulnerability

A heap buffer overflow vulnerability has been identified in the FreeRDP URBDRC client, affecting versions through 3.21.0. The client uses server-supplied interface numbers as array indices without bounds checks, which results in an out-of-bounds read in the 'libusb_udev_select_interface' function. A malicious server can trigger this to crash the client, disrupt service, and potentially corrupt the heap. Depending on the behavior of the memory allocator and the surrounding heap layout, there may also be a risk of code execution.
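The bug class described above, untrusted index used directly against a fixed-size table, is illustrated below as an added example. This is not FreeRDP's code and does not reproduce the URBDRC client; the device structure, function names and sample interface table are constructed here. It shows the unchecked pattern next to a hardened version that validates the server-supplied value against the number of interfaces actually present before indexing.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a USB device's interface table (constructed for this
 * example, not FreeRDP's data structures). */
#define MAX_INTERFACES 4

typedef struct {
    uint8_t number;       /* bInterfaceNumber as reported by the device */
    uint8_t alt_setting;  /* currently selected alternate setting */
} usb_interface_t;

typedef struct {
    size_t num_interfaces;                      /* entries that are valid */
    usb_interface_t interfaces[MAX_INTERFACES]; /* fixed-size backing table */
} usb_device_t;

/* Constructed sample device exposing two interfaces (numbers 0 and 1). */
static usb_device_t make_sample_device(void)
{
    usb_device_t dev;
    memset(&dev, 0, sizeof dev);
    dev.num_interfaces = 2;
    dev.interfaces[0].number = 0;
    dev.interfaces[1].number = 1;
    return dev;
}

/* Flawed pattern: the value received from the peer indexes the table
 * directly. Any value >= num_interfaces reads stale entries, and any value
 * >= MAX_INTERFACES reads beyond the allocation. Only safe for trusted input;
 * shown here to make the defect visible, never to be used on network data. */
static int select_interface_unchecked(const usb_device_t *dev,
                                      uint32_t iface_from_server,
                                      uint8_t *out_number)
{
    *out_number = dev->interfaces[iface_from_server].number; /* no bounds check */
    return 0;
}

/* Hardened version: reject the request unless the untrusted index refers to
 * an interface the device actually has. Returns 0 on success, -1 otherwise. */
static int select_interface_checked(const usb_device_t *dev,
                                    uint32_t iface_from_server,
                                    uint8_t *out_number)
{
    if (dev == NULL || out_number == NULL)
        return -1;
    if (iface_from_server >= dev->num_interfaces) {
        fprintf(stderr, "rejecting interface index %u (device has %zu)\n",
                iface_from_server, dev->num_interfaces);
        return -1;
    }
    *out_number = dev->interfaces[iface_from_server].number;
    return 0;
}

/* Convenience wrapper over the constructed sample device: returns the selected
 * interface number, or -1 when the hardened check rejects the index. */
static int selected_number(uint32_t iface_from_server)
{
    usb_device_t dev = make_sample_device();
    uint8_t number = 0;
    if (select_interface_checked(&dev, iface_from_server, &number) != 0)
        return -1;
    return number;
}

int main(void)
{
    usb_device_t dev = make_sample_device();
    uint8_t n = 0;

    /* For an in-range value both variants agree, which is why the missing
     * check stays latent until a peer sends an out-of-range value. */
    select_interface_unchecked(&dev, 0, &n);
    printf("unchecked, index 0 -> interface %u\n", n);

    printf("checked, index 1 -> %d\n", selected_number(1));
    printf("checked, index 2 -> %d (rejected)\n", selected_number(2));
    printf("checked, index 0xffffffff -> %d (rejected)\n",
           selected_number(0xffffffffu));
    return 0;
}
```

The check compares against the count of valid entries rather than the capacity of the backing array, so it rejects both reads past the allocation and reads of unused slots within it; a compile-time capacity check alone would miss the latter.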

Impact

Exploitation of this vulnerability causes a crash and a denial-of-service condition on the client. However, it also introduces the risk of heap corruption, which could be exploited for arbitrary code execution, depending on the allocator's behavior and the layout of the heap.

Remediation

Upgrade to FreeRDP version 3.22.0 or later, where this issue is fixed.

Added: Feb 9, 2026, 7:23 PM
Updated: Feb 9, 2026, 10:01 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 2.6
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.