Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
FreeRDP Remote Desktop Protocol May Freeze 32-Bit Systems
CVE-2026-27951
Summary
FreeRDP, a free Remote Desktop Protocol implementation, has a bug that can cause 32-bit systems to freeze. This affects both clients and servers using FreeRDP. Update to version 3.23.0 or later to fix the issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| freerdp | freerdp | <= 3.23.0 | – |
Original title
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function `Stream_EnsureCapacity` can create an endless blocking loop. This may affect all client and se...
Original description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, the function `Stream_EnsureCapacity` can create an endless blocking loop. This may affect all client and server implementations using `FreeRDP`. For practical exploitation this will only work on 32bit systems where the available physical memory is `>= SIZE_MAX`. Version 3.23.0 contains a patch. No known workarounds are available.
nvd CVSS3.1
7.5
Vulnerability type
CWE-190
Integer Overflow
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026