CVE-2026-25942

Source
https://cve.org/CVERecord?id=CVE-2026-25942
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-25942.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-25942
Aliases
  • GHSA-78q6-67m7-wwf6
Published
2026-02-25T20:01:16.472Z
Modified
2026-04-11T03:29:11.763986Z
Severity
  • 5.5 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Summary
FreeRDP has global-buffer-overflow in xf_rail_server_execute_result
Details

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_rail_server_execute_result indexes the global error_code_names[] array (7 elements, indices 0–6) with an unchecked execResult->execResult value received from the server, allowing an out-of-bounds read when the server sends an execResult value of 7 or greater. Version 3.23.0 fixes the issue.

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-125"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/25xxx/CVE-2026-25942.json"
}

Affected packages

Git / github.com/freerdp/freerdp

Affected ranges

Type
GIT
Repo
https://github.com/freerdp/freerdp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.23.0"
        }
    ]
}

Affected versions

1.*
1.0-beta1
1.0-beta2
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9
2.*
2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
3.*
3.0.0
3.0.0-beta1
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0-rc0
3.1.0
3.2.0
3.3.0
3.4.0
3.5.0
3.5.1

Database specific

vanir_signatures_modified
"2026-04-11T03:29:11Z"
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-25942.json"
vanir_signatures
[
    {
        "target": {
            "function": "xf_rail_server_local_move_size",
            "file": "client/X11/xf_rail.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 1874.0,
            "function_hash": "157890305385061828128230911050819752003"
        },
        "id": "CVE-2026-25942-2f251737",
        "source": "https://github.com/freerdp/freerdp/commit/9362a0bf8dda04eedbca07d5dfaec1044e67cc6b",
        "signature_type": "Function"
    },
    {
        "target": {
            "function": "xf_rail_server_execute_result",
            "file": "client/X11/xf_rail.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "length": 404.0,
            "function_hash": "267124141617776130271641569418904159883"
        },
        "id": "CVE-2026-25942-c2293b38",
        "source": "https://github.com/freerdp/freerdp/commit/9362a0bf8dda04eedbca07d5dfaec1044e67cc6b",
        "signature_type": "Function"
    },
    {
        "target": {
            "file": "client/X11/xf_rail.c"
        },
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "id": "CVE-2026-25942-ecf637d5",
        "source": "https://github.com/freerdp/freerdp/commit/9362a0bf8dda04eedbca07d5dfaec1044e67cc6b",
        "signature_type": "Line"
    }
]