CVE-2026-24679

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-24679
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-24679.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-24679
Aliases
  • GHSA-2jp4-67x6-gv7x
Downstream
Related
Published
2026-02-09T18:19:00.409Z
Modified
2026-04-17T13:29:14.655226646Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
FreeRDP has a heap-buffer-overflow in urb_select_interface
Details

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, The URBDRC client uses server-supplied interface numbers as array indices without bounds checks, causing an out-of-bounds read in libusbudevselect_interface. This vulnerability is fixed in 3.22.0.

Database specific 
{
    "cwe_ids": [
        "CWE-122"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/24xxx/CVE-2026-24679.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
e3ef4c71138f76516299cb3637d2d0c59b2a3737
Fixed
2d563a50be17c1b407ca448b1321378c0726dd31
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.22.0"
        }
    ]
}

Affected versions

1.*
1.0-beta1
1.0-beta2
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9
2.*
2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
3.*
3.0.0
3.0.0-beta1
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0-rc0
3.1.0
3.2.0
3.3.0
3.4.0
3.5.0
3.5.1

Database specific

vanir_signatures 
[
    {
        "signature_version": "v1",
        "signature_type": "Function",
        "source": "https://github.com/freerdp/freerdp/commit/2d563a50be17c1b407ca448b1321378c0726dd31",
        "id": "CVE-2026-24679-e20fb56d",
        "target": {
            "function": "libusb_udev_select_interface",
            "file": "channels/urbdrc/client/libusb/libusb_udevice.c"
        },
        "deprecated": false,
        "digest": {
            "function_hash": "295170226671850497642590712585952831913",
            "length": 745.0
        }
    },
    {
        "signature_version": "v1",
        "signature_type": "Line",
        "id": "CVE-2026-24679-f0461e5e",
        "source": "https://github.com/freerdp/freerdp/commit/2d563a50be17c1b407ca448b1321378c0726dd31",
        "target": {
            "file": "channels/urbdrc/client/libusb/libusb_udevice.c"
        },
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "289110917090092791910367067543110179976",
                "224555856128836788439497732569448467642",
                "106013960778365642325691726339577017310",
                "231684039954773429561328072886371228065",
                "195017296309831155240578947176374613155",
                "286843780007951400026076786531711093008",
                "244981116816099467654243620353215497637",
                "274843390313114455116321778362047783223",
                "332293968960690713468619468499087394490",
                "59048331770676418557837128762076222222",
                "221827202610751428288980493502676734816",
                "79817055730880369538922170107446074047",
                "190654560618775850904365632955083892931"
            ]
        }
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-24679.json"
vanir_signatures_modified 
"2026-04-16T14:50:17Z"