PT-2026-29136 · Freerdp+2

Calvinytt · Published 2026-01-01 · Updated 2026-06-15 · CVE-2026-33983

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions
FreeRDP versions prior to 3.24.2

Description
FreeRDP is a free implementation of the Remote Desktop Protocol. The progressive_decompress_tile_upgrade() function detects a mismatch through progressive_rfx_quant_cmp_equal() but only emits a warning, so execution continues. A wrapped value (247) is then used as a shift exponent, which is undefined behavior and leads to a loop of approximately 80 billion iterations, resulting in a CPU denial of service (DoS).

Recommendations
Update to version 3.24.2 or later.
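
The two weaknesses named in the description (a failed check that is only logged, and a wrapped value used as a shift exponent) can be shown in a small model. This is an added example, not FreeRDP's code: the struct, the function names and the assumption that the exponent is an 8-bit difference are hypothetical, and the sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a quantization record; not FreeRDP's struct. */
typedef struct { uint8_t band[4]; } quant_t;

static bool quant_equal(const quant_t *a, const quant_t *b)
{
    return memcmp(a->band, b->band, sizeof a->band) == 0;
}

/* Weak pattern: the mismatch is only logged, so the exponent is computed
 * from state the check was meant to reject. Assumption: the exponent is an
 * 8-bit difference, which wraps modulo 256 when cur < prev. */
static bool shift_weak(const quant_t *stored, const quant_t *incoming,
                       uint8_t cur, uint8_t prev, uint8_t *shift)
{
    if (!quant_equal(stored, incoming))
        fprintf(stderr, "warning: quant mismatch\n"); /* keeps going */
    *shift = (uint8_t)(cur - prev);
    return true;
}

/* Hardened pattern: fail closed on mismatch, then range-check the exponent
 * against the width of the 32-bit value it will shift. */
static bool shift_checked(const quant_t *stored, const quant_t *incoming,
                          uint8_t cur, uint8_t prev, uint8_t *shift)
{
    if (!quant_equal(stored, incoming))
        return false;               /* treat the mismatch as an error */
    if (cur < prev || (cur - prev) >= 32)
        return false;               /* would be UB as a shift count */
    *shift = (uint8_t)(cur - prev);
    return true;
}

int main(void)
{
    const quant_t stored = {{6, 6, 6, 6}}, incoming = {{6, 6, 6, 15}}; /* constructed */
    uint8_t s = 0;
    shift_weak(&stored, &incoming, 6, 15, &s);
    printf("weak exponent: %u\n", (unsigned)s);
    printf("checked accepts: %d\n", shift_checked(&stored, &incoming, 6, 15, &s));
    return 0;
}
```

The weak variant hands back the exponent without shifting by it, so the model itself never executes the undefined shift.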

Exploit

Fix

DoS

Integer Overflow

Unchecked Return Value

Weakness Enumeration

Related identifiers

ALSA-2026:8457
ALSA-2026:8458
ALSA-2026:8945
BDU:2026-04670
CVE-2026-33983
GHSA-4GFM-4P52-H478
OESA-2026-2036
OESA-2026-2037
OESA-2026-2038
OESA-2026-2039
OESA-2026-2040
OPENSUSE-SU-2026:10633-1
OPENSUSE-SU-2026:20657-1
RHSA-2026:10709
RHSA-2026:11332
RHSA-2026:11333
RHSA-2026:11336
RHSA-2026:11649
RHSA-2026:11651
RHSA-2026:12359
RHSA-2026:12388
RHSA-2026:19349
RHSA-2026:8457
RHSA-2026:8458
RHSA-2026:8945
RHSA-2026:9656
SUSE-SU-2026:21436-1

Affected products

Freerdp
Red Os
Rocky Linux