Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0.
Published: 2026-02-09
Score: 8.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Memory corruption (double free in the SDL client); the CVSS v4 and v3.1 vectors on this page score availability impact only, not code execution
Action: Patch Now
AI Analysis

Impact

FreeRDP's SDL client contains a double free that ASan reports as a heap use-after-free while a New Pointer update is processed. When sdl_Pointer_New fails part-way through building the client-side cursor, it frees the data it has already allocated but leaves the stale pointer in the object; the generic pointer_free cleanup then calls sdl_Pointer_Free, which frees the same block a second time. The issue is tracked as CWE-416 and CWE-825. Because pointer updates are sent by the server side of the session, the attacker position is a malicious or compromised RDP server that a vulnerable SDL client connects to. Both CVSS vectors on this page rate the impact as availability only (a client crash); arbitrary code execution is not demonstrated and would require turning the double free into a controlled heap write.
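The failure-path ownership mistake the description names (constructor frees on failure, destructor frees again) is easier to see in code. The C program below is an added illustration written for this page, not FreeRDP's code: the sdl_pointer struct, pointer_new_cb, pointer_free_cb, run_pointer_lifecycle, the injected failure and the small allocation tracker are all assumptions. The tracker counts a second free of the same block instead of performing it, so the program runs cleanly and reports the double free that ASan would otherwise abort on. Clearing the pointer after the early free is one standard remedy shown here; the advisory does not state what the 3.22.0 commit changed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Illustrative model of the ownership bug in the advisory; this is NOT
 * FreeRDP code. The struct, callback names, failure injection and the
 * allocation tracker are assumptions made for this example.
 */

#define MAX_TRACKED 16

/* Tracker: a second free of a block is counted instead of being passed to
 * free(), so the example runs without corrupting the heap (the real bug was
 * found by ASan, which aborts at exactly this point). */
static void *g_live[MAX_TRACKED];
static size_t g_nlive = 0;
static int g_double_frees = 0;

static void *tracked_malloc(size_t n)
{
    void *p = malloc(n);
    if (p && g_nlive < MAX_TRACKED)
        g_live[g_nlive++] = p;
    return p;
}

static void tracked_free(void *p)
{
    if (!p)
        return;
    for (size_t i = 0; i < g_nlive; i++) {
        if (g_live[i] == p) {
            g_live[i] = g_live[--g_nlive]; /* drop from the live set */
            free(p);
            return;
        }
    }
    g_double_frees++; /* block is not live: this is a double free */
}

/* Client-side pointer object (assumed shape). */
typedef struct {
    uint8_t *data; /* converted cursor image owned by this struct */
    size_t size;
} sdl_pointer;

/*
 * Constructor callback, modelled on the "frees data on failure" step.
 * 'inject_failure' stands in for whatever makes the real conversion fail;
 * 'fixed' selects the hardened behaviour.
 */
static bool pointer_new_cb(sdl_pointer *p, size_t size, bool inject_failure, bool fixed)
{
    p->data = tracked_malloc(size);
    if (!p->data)
        return false;
    p->size = size;
    memset(p->data, 0, size);

    if (inject_failure) {
        tracked_free(p->data);
        if (fixed)
            p->data = NULL; /* fix: leave nothing for the destructor to free */
        /* vulnerable: p->data still points at the freed block */
        return false;
    }
    return true;
}

/* Destructor callback (the sdl_Pointer_Free role): frees what the struct owns. */
static void pointer_free_cb(sdl_pointer *p)
{
    tracked_free(p->data);
    p->data = NULL;
    p->size = 0;
}

/*
 * Generic pointer lifecycle as described in the advisory: even when the
 * constructor fails, the generic cleanup (pointer_free) still invokes the
 * client's Free callback. Returns the number of double frees observed.
 */
int run_pointer_lifecycle(bool inject_failure, bool fixed)
{
    g_double_frees = 0;
    sdl_pointer p = { NULL, 0 };
    (void)pointer_new_cb(&p, 64, inject_failure, fixed);
    pointer_free_cb(&p); /* runs on both the success and the failure path */
    return g_double_frees;
}

int main(void)
{
    printf("vulnerable, failure injected: %d double free(s)\n", run_pointer_lifecycle(true, false));
    printf("fixed, failure injected:      %d double free(s)\n", run_pointer_lifecycle(true, true));
    printf("vulnerable, success path:     %d double free(s)\n", run_pointer_lifecycle(false, false));
    return 0;
}
```

The rule the fixed branch enforces is that cleanup has exactly one owner: a constructor that fails must either leave its partial state for the destructor or release it and null the pointers, never both. Replace tracked_free with free and build with -fsanitize=address to get the same double-free report ASan produced for the real bug.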

Affected Systems

The flaw is in the SDL front-end of the FreeRDP open-source RDP implementation (the sdl-freerdp client) before version 3.22.0. This advisory covers only the SDL pointer handling path (sdl_Pointer_New and sdl_Pointer_Free); deployments that use that client are affected, and the library and other FreeRDP front-ends are not in scope here. The issue was addressed in release 3.22.0; the commit that contains the fix is referenced in the advisory.

Risk and Exploitability

The CVSS v4 score is 8.7 (High) and the v3.1 score recorded in the history below is 7.5, both with availability as the only impacted property; the EPSS probability is below 1%, the flaw is not in the CISA KEV list, and the SSVC record marks exploitation as 'none' while rating the issue automatable. The trigger is a crafted New Pointer update, so the attacker must control the RDP server (or the network path to it) that a vulnerable SDL client connects to; no further authentication or user interaction is needed once the client has started the session. The advisory does not state which failure inside sdl_Pointer_New is reachable from the wire, so the exact trigger is unspecified here; exploitation requires inducing that failure during pointer creation.

Generated by OpenCVE AI on April 18, 2026 at 18:15 UTC.

Remediation

Upstream fix: FreeRDP 3.22.0 (the fix commit is referenced in the advisory). Distribution packages: Ubuntu USN-8042-1 (listed under Advisories below). No workaround is documented beyond not connecting the SDL client to untrusted servers.

OpenCVE Recommended Actions

  • Upgrade FreeRDP to version 3.22.0 or later, which contains the fix for the double free in the SDL pointer path.
  • Until patched, use a FreeRDP front-end other than the SDL client, or another RDP client, so the sdl_Pointer_New/sdl_Pointer_Free path is never reached.
  • Only connect the SDL client to trusted RDP servers, and do not accept unknown or changed server TLS certificates, so a malicious or spoofed server cannot deliver the crafted pointer update.


Advisories

Source: Ubuntu USN | ID: USN-8042-1 | Title: FreeRDP vulnerabilities
History

Tue, 10 Feb 2026 16:15:00 +0000
  Metrics (ssvc), added: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 10 Feb 2026 15:15:00 +0000
  CPEs, added: cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*
  Metrics (cvssV3_1), removed: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}
  Metrics (cvssV3_1), added: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Tue, 10 Feb 2026 12:45:00 +0000
  First Time appeared, added: Freerdp; Freerdp freerdp
  Vendors & Products, added: Freerdp; Freerdp freerdp

Tue, 10 Feb 2026 12:15:00 +0000
  Weaknesses, added: CWE-825
  References: (values not shown)
  Metrics (threat_severity), removed: None
  Metrics (cvssV3_1), added: {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}
  Metrics (threat_severity), added: Moderate

Mon, 09 Feb 2026 18:45:00 +0000
  Description, added: FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, sdl_Pointer_New frees data on failure, then pointer_free calls sdl_Pointer_Free and frees it again, triggering ASan UAF. This vulnerability is fixed in 3.22.0.
  Title, added: FreeRDP has a heap-use-after-free in update_pointer_new(SDL)
  Weaknesses, added: CWE-416
  References: (values not shown)
  Metrics (cvssV4_0), added: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE
  Status: PUBLISHED
  Assigner: GitHub_M
  Published:
  Updated: 2026-02-10T16:02:05.475Z
  Reserved: 2026-01-23T20:40:23.388Z
  Link: CVE-2026-24680

Vulnrichment
  Updated: 2026-02-10T15:40:04.700Z

NVD
  Status: Analyzed
  Published: 2026-02-09T19:15:49.477
  Modified: 2026-02-10T15:06:48.767
  Link: CVE-2026-24680

Red Hat
  Severity: Moderate
  Public Date: 2026-02-09T18:19:45Z
  Links: CVE-2026-24680 - Bugzilla

OpenCVE Enrichment
  Updated: 2026-04-18T18:30:07Z

Weaknesses