PT-2025-51934 · Microsoft+1 · Windows+1

Ret2Ldz · Published 2025-12-17 · Updated 2026-01-02 · CVE-2025-68118

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

FreeRDP versions prior to 3.20.0

Description

FreeRDP is a free implementation of the Remote Desktop Protocol. A flaw exists in the certificate handling code on Windows platforms. The freerdp certificate data hash function utilizes the snprintf function to format certificate cache filenames without ensuring NUL termination when truncation happens. Microsoft documentation indicates that snprintf doesn't add a terminating NUL byte if the output exceeds the buffer size. An attacker controlling the hostname value, potentially through server redirection or a crafted .rdp file, could cause the filename buffer to lack NUL termination. Subsequent string operations on this buffer may lead to a heap-based out-of-bounds read. While the connection usually terminates before sensitive data is exposed, a client crash or unintended memory read may occur.

Recommendations

Update to version 3.20.0 or later.
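
An added example, not FreeRDP's code: the unchecked formatting pattern from the description beside a version that treats truncation as a failure. `fmt_no_nul` is a hypothetical stand-in for a formatter that omits the NUL on truncation; the `"%s_%u.pem"` name layout, the function names and the inputs are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a formatter with the behaviour the advisory
 * describes: when the output does not fit, it fills the buffer and writes
 * no terminating NUL. Returns the untruncated length, or -1 on error. */
static int fmt_no_nul(char *dst, size_t cap, const char *fmt, ...)
{
    char tmp[512];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(tmp, sizeof tmp, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= sizeof tmp)
        return -1;
    memcpy(dst, tmp, (size_t)n < cap ? (size_t)n + 1 : cap);
    return n;
}

/* Unchecked pattern: result ignored. Returns 1 if the buffer ends up
 * NUL-terminated, 0 if a later string operation would read past it. */
int unchecked_is_terminated(char *dst, size_t cap, const char *host, unsigned port)
{
    memset(dst, 'A', cap); /* stand-in for stale non-zero heap bytes */
    (void)fmt_no_nul(dst, cap, "%s_%u.pem", host, port); /* assumed layout */
    return memchr(dst, '\0', cap) != NULL;
}

/* Hardened pattern: treat truncation as failure and never hand back an
 * unterminated buffer. Returns the name length, or -1 if it did not fit. */
int cache_name_checked(char *dst, size_t cap, const char *host, unsigned port)
{
    if (cap == 0) return -1;
    int n = fmt_no_nul(dst, cap, "%s_%u.pem", host, port);
    if (n < 0 || (size_t)n >= cap) {
        dst[0] = '\0';
        return -1;
    }
    return n;
}

int main(void)
{
    char name[16];
    const char *long_host = "constructed-very-long-hostname.example"; /* constructed input */
    printf("unchecked terminated: %d\n", unchecked_is_terminated(name, sizeof name, long_host, 3389));
    printf("checked result: %d\n", cache_name_checked(name, sizeof name, long_host, 3389));
}
```

The exact-fit case, where the formatted name is as long as the buffer, is rejected as well, since it leaves no room for the terminator.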

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2025-68118
GHSA-H78C-5CJX-JW6X

Affected Products

FreeRDP
Windows