Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This issue has been patched in version 3.24.2.
Published: 2026-03-30
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

FreeRDP processes persistent cache entries by updating the bitmap size field before allocating new memory. When the allocation fails, the size is inflated while the data pointer still refers to the old buffer, permitting an out-of-bounds write on the heap. An attacker who can supply a crafted Remote Desktop Protocol stream that triggers this path can corrupt adjacent heap objects, leading to denial of service or arbitrary code execution depending on which objects are overwritten.
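As an added illustration of the ordering bug described above (example code written for this page; it is not FreeRDP's code and not the upstream 3.24.2 patch): a hypothetical cache struct using the advisory's field names, the vulnerable update order beside a hardened order, and a forced allocation failure showing which one leaves bmpSize consistent with the buffer it describes. The struct layout, the cache_recalloc() stand-in for winpr_aligned_recalloc(), and the capacity bookkeeping field are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical cache state using the advisory's field names (bmpSize, bmpData); not
 * FreeRDP's real struct. 'capacity' is example-only bookkeeping of the true size. */
typedef struct {
    uint8_t *bmpData;   /* bitmap buffer */
    size_t   bmpSize;   /* what the code believes bmpData can hold */
    size_t   capacity;  /* real allocation size (example-only) */
} persistent_cache_t;
/* Stand-in for winpr_aligned_recalloc(); fails once when the flag is set. */
static bool g_fail_next_recalloc = false;
static void *cache_recalloc(void *ptr, size_t size) {
    if (g_fail_next_recalloc) { g_fail_next_recalloc = false; return NULL; }
    return realloc(ptr, size);          /* on failure ptr stays valid, untouched */
}

/* Vulnerable order: size field committed before the allocation is known to succeed. */
int read_entry_vulnerable(persistent_cache_t *c, size_t entry_size) {
    if (entry_size > c->bmpSize) {
        c->bmpSize = entry_size;        /* desync point */
        uint8_t *tmp = cache_recalloc(c->bmpData, entry_size);
        if (!tmp) return -1;            /* bmpSize now exceeds the old buffer */
        c->bmpData = tmp; c->capacity = entry_size;
    }
    return 0;
}

/* Hardened order: size field committed only after a buffer is in hand. */
int read_entry_fixed(persistent_cache_t *c, size_t entry_size) {
    if (entry_size > c->bmpSize) {
        uint8_t *tmp = cache_recalloc(c->bmpData, entry_size);
        if (!tmp) return -1;            /* state untouched on failure */
        c->bmpData = tmp; c->bmpSize = entry_size; c->capacity = entry_size;
    }
    return 0;
}
/* True when bmpSize cannot lead a later write past the real allocation. */
bool cache_is_consistent(const persistent_cache_t *c) { return c->bmpSize <= c->capacity; }
/* Force the recalloc inside 'reader' to fail; report whether the state stayed consistent. */
bool simulate_failed_realloc(int (*reader)(persistent_cache_t *, size_t)) {
    persistent_cache_t c = { calloc(64, 1), 64, 64 };   /* constructed 64-byte cache */
    g_fail_next_recalloc = true;
    (void)reader(&c, 4096);             /* constructed oversized entry size */
    bool ok = cache_is_consistent(&c);
    free(c.bmpData);
    return ok;
}
```

The same check is a useful pattern when auditing other size-then-realloc sites: any path that returns an error after the size field was already written leaves the same inconsistency.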

Affected Systems

All FreeRDP installations older than version 3.24.2, including both client and server components, are affected. Deployments that have not applied the 3.24.2 patch or any later release are susceptible.

Risk and Exploitability

The vulnerability's CVSS score of 7.1 indicates high severity, yet no exploit probability metric is available and the issue is not listed in the CISA known exploited catalog. The flaw is network-based, as an attacker can send a specially formed persistent cache entry over an RDP session to trigger the overflow. While a publicly documented exploit is not available, the ability to corrupt heap memory makes remote code execution a realistic risk.

Generated by OpenCVE AI on March 31, 2026 at 06:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade FreeRDP to version 3.24.2 or newer.
  • Confirm that the running binary reflects the updated version.
  • If an update cannot be applied immediately, restrict RDP connections to trusted hosts and limit exposure of the default RDP port to external networks.
  • Monitor RDP logs and system stability for abnormal crashes or unexpected behavior.

Tracking


Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Freerdp; Freerdp freerdp
Vendors & Products                     Freerdp; Freerdp freerdp

Tue, 31 Mar 2026 16:15:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 31 Mar 2026 03:00:00 +0000

Type          Values Removed   Values Added
Description                    FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This issue has been patched in version 3.24.2.
Title                          FreeRDP: Persistent Cache bmpSize Desync - Heap OOB Write
Weaknesses                     CWE-122; CWE-131
References
Metrics                        cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-31T15:32:44.898Z

Reserved: 2026-03-24T22:20:06.211Z

Link: CVE-2026-33987

Vulnrichment

Updated: 2026-03-31T15:32:40.584Z

NVD

Status : Received

Published: 2026-03-30T22:16:20.017

Modified: 2026-03-30T22:16:20.017

Link: CVE-2026-33987

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:39:52Z

Weaknesses