FreeRDP Heap-Buffer-Overflow Vulnerability (CVE-2026-33982)
A heap-buffer-overflow read vulnerability exists in FreeRDP versions prior to 3.24.2, specifically in the winpr_aligned_offset_recalloc() function, potentially leading to denial of service or information disclosure.
CVE-2026-33982 is a heap-buffer-overflow READ vulnerability affecting FreeRDP, a widely used open-source implementation of the Remote Desktop Protocol (RDP). The vulnerability exists in versions prior to 3.24.2 and is located within the winpr_aligned_offset_recalloc() function. Specifically, the flaw occurs due to an out-of-bounds read 24 bytes before the allocated buffer, which could be triggered during specific RDP operations involving memory reallocation. Successful exploitation can lead…
Detection coverage 2
Detect FreeRDP Heap Buffer Overflow
mediumDetects potential exploitation attempts of FreeRDP heap buffer overflow vulnerability CVE-2026-33982 by monitoring for FreeRDP process creation.
Detect FreeRDP process crash
mediumDetects FreeRDP process crash that may be caused by heap buffer overflow vulnerability CVE-2026-33982.
Detection queries are kept inside the platform. Get full rules →
Indicators of compromise
1