Impact
FreeRDP, the open‑source Remote Desktop Protocol implementation, contains a heap‑buffer‑overflow flaw in its server‑side clipboard (cliprdr) channel. The vulnerability is triggered when a malicious RDP client sends a CB_CLIP_CAPS packet with an undersized capabilitySetLength, causing an out‑of‑bounds heap write. The result is a server crash that provides a remote denial‑of‑service, and the corrupted heap state creates a realistic possibility for arbitrary code execution. This weakness is a classic heap corruption problem classified as CWE‑122.
Affected Systems
All FreeRDP server installations running a version older than 3.26.0 are affected, regardless of the operating system. The flaw exists in the cliprdr channel, so any deployment that has this channel enabled is vulnerable. The issue was resolved in release 3.26.0; systems that have not applied the update remain exposed.
Risk and Exploitability
The CVSS score of 8.8 indicates high severity, and the EPSS score of 4% suggests a modest likelihood of exploitation in the current environment. The vulnerability is not listed in the CISA KEV catalog. The exploit can be carried out remotely via an RDP session: an attacker who can reach the target over the network and initiate an RDP connection can send the malformed packet, triggering the overflow.
OpenCVE Enrichment