PT-2026-22022 · Freerdp+3

Ilja Van Sprundel · Published 2026-02-25 · Updated 2026-05-22 · CVE-2026-27951

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

FreeRDP versions prior to 3.23.0

Description

The Stream_EnsureCapacity function in FreeRDP versions prior to 3.23.0 can create an endless blocking loop. This issue may affect all client and server implementations using FreeRDP. Exploitation is practical on 32-bit systems with physical memory greater than or equal to SIZE_MAX.

Recommendations

Update to version 3.23.0 or later.
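The following added example is not FreeRDP source code. It models the bug class named in this entry (an integer overflow in a capacity-growth loop that then never terminates) next to one possible checked form. The doubling growth policy, the use of uint32_t as a stand-in for a 32-bit size_t, the iteration cap and all function names are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not FreeRDP source. uint32_t models a 32-bit size_t;
 * the doubling growth policy and all names here are assumptions. */
#define MODEL_SIZE_MAX UINT32_MAX
#define ITERATION_CAP 64u /* demo guard so the unchecked variant returns */

/* Unchecked growth: double until capacity >= requested. Returns iterations
 * used, or -1 when the cap is hit (without the cap it would spin forever). */
int grow_unchecked(uint32_t capacity, uint32_t requested, uint32_t *out)
{
    uint32_t new_capacity = capacity;
    for (unsigned i = 1; i <= ITERATION_CAP; i++) {
        new_capacity *= 2; /* wraps to 0 once the top bit is shifted out */
        if (new_capacity >= requested) {
            *out = new_capacity;
            return (int)i;
        }
    }
    return -1;
}

/* Checked growth: fail instead of doubling past the type's maximum, and
 * treat a zero capacity as 1 so that doubling makes progress. */
bool grow_checked(uint32_t capacity, uint32_t requested, uint32_t *out)
{
    uint32_t new_capacity = capacity ? capacity : 1;
    while (new_capacity < requested) {
        if (new_capacity > MODEL_SIZE_MAX / 2)
            return false; /* doubling would wrap: report failure */
        new_capacity *= 2;
    }
    *out = new_capacity;
    return true;
}

int main(void)
{
    uint32_t cap = 0;
    /* Constructed inputs: 1024-byte stream, request just above 2^31. */
    printf("unchecked: %d\n", grow_unchecked(1024, 0x80000001u, &cap));
    printf("checked:   %d\n", grow_checked(1024, 0x80000001u, &cap));
    int n = grow_unchecked(1024, 4096, &cap);
    printf("normal:    %d iterations, capacity %u\n", n, (unsigned)cap);
    return 0;
}
```

In the model, any request above half the type's range sends the unchecked loop to zero and keeps it there, which is why the checked variant tests the bound before multiplying.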

Exploit

Fix

DoS

Integer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2026:16019
ALSA-2026:16482
BDU:2026-04157
CVE-2026-27951
GHSA-QCFC-GHXR-H927
OESA-2026-2439
OESA-2026-2440
OESA-2026-2441
OESA-2026-2442
OPENSUSE-SU-2026:10611-1
OPENSUSE-SU-2026:20632-1
SUSE-SU-2026:1632-1
SUSE-SU-2026:1633-1
SUSE-SU-2026:1634-1
SUSE-SU-2026:1635-1
SUSE-SU-2026:1640-1
USN-8105-1
USN-8105-2

Affected Products

Freerdp
Linuxmint
Rocky Linux
Ubuntu