{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2026-31806: Fix heap buffer overflow in nsc_process_message", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774277303", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774277303" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/centos7els/advisories/2026/clsa-2026_1774277303.json" } ], "tracking": { "current_release_date": "2026-03-30T09:42:07Z", "generator": { "date": "2026-03-30T09:42:07Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1774277303", "initial_release_date": "2026-03-23T14:48:26Z", "revision_history": [ { "date": "2026-03-23T14:48:26Z", "number": "1", "summary": "Initial version" }, { "date": "2026-03-30T09:42:07Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "freerdp: Fix of CVE-2026-31806" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Community Enterprise Operating System 7", "product": { "name": "Community Enterprise Operating System 7", "product_id": "CentOS-7", "product_identification_helper": { "cpe": "cpe:2.3:o:centos:centos:7:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Community Enterprise Operating System" } ], "category": "vendor", "name": "Red Hat, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686", "product": { "name": "freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686", "product_id": "freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/freerdp-devel@2.1.1-5.el7_9.tuxcare.els17?arch=i686" } } }, { "category": "product_version", "name": "freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.i686", "product": { "name": "freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.i686", "product_id": "freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/freerdp-libs@2.1.1-5.el7_9.tuxcare.els17?arch=i686" } } }, { "category": "product_version", "name": "libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686", "product": { "name": "libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686", "product_id": "libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libwinpr-devel@2.1.1-5.el7_9.tuxcare.els17?arch=i686" } } }, { "category": "product_version", "name": "libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.i686", "product": { "name": "libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.i686", "product_id": "libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libwinpr@2.1.1-5.el7_9.tuxcare.els17?arch=i686" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product": { "name": "freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product_id": "freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/freerdp-devel@2.1.1-5.el7_9.tuxcare.els17?arch=x86_64" } } }, { "category": "product_version", "name": "freerdp-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product": { "name": "freerdp-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product_id": "freerdp-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/freerdp@2.1.1-5.el7_9.tuxcare.els17?arch=x86_64" } } }, { "category": "product_version", "name": "freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product": { "name": "freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product_id": "freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/freerdp-libs@2.1.1-5.el7_9.tuxcare.els17?arch=x86_64" } } }, { "category": "product_version", "name": "libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product": { "name": "libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product_id": "libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libwinpr-devel@2.1.1-5.el7_9.tuxcare.els17?arch=x86_64" } } }, { "category": "product_version", "name": "libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product": { "name": "libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product_id": "libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libwinpr@2.1.1-5.el7_9.tuxcare.els17?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686" }, "product_reference": "freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64" }, "product_reference": "freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "freerdp-0:2.1.1-5.el7_9.tuxcare.els17.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:freerdp-0:2.1.1-5.el7_9.tuxcare.els17.x86_64" }, "product_reference": "freerdp-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.x86_64" }, "product_reference": "freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.i686 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.i686" }, "product_reference": "freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.i686", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64" }, "product_reference": "libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686" }, "product_reference": "libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.x86_64 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.x86_64" }, "product_reference": "libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "relates_to_product_reference": "CentOS-7" }, { "category": "default_component_of", "full_product_name": { "name": "libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.i686 as a component of Community Enterprise Operating System 7", "product_id": "CentOS-7:libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.i686" }, "product_reference": "libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.i686", "relates_to_product_reference": "CentOS-7" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-31806", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, the gdi_surface_bits() function processes SURFACE_BITS_COMMAND messages sent by the RDP server. When the command is handled using NSCodec, the bmp.width and bmp.height values provided by the server are not properly validated against the actual desktop dimensions. A malicious RDP server can supply crafted bmp.width and bmp.height values that exceed the expected surface size. Because these values are used during bitmap decoding and memory operations without proper bounds checking, this can lead to a heap buffer overflow. Since the attacker can also control the associated pixel data transmitted by the server, the overflow may be exploitable to overwrite adjacent heap memory. This vulnerability is fixed in 3.24.0.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "CentOS-7:freerdp-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "CentOS-7:freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686", "CentOS-7:freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "CentOS-7:freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.i686", "CentOS-7:freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "CentOS-7:libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.i686", "CentOS-7:libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "CentOS-7:libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686", "CentOS-7:libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-31806" }, { "category": "external", "summary": "https://github.com/FreeRDP/FreeRDP/commit/83d9aedea278a74af3e490ff5eeb889c016dbb2b", "url": "https://github.com/FreeRDP/FreeRDP/commit/83d9aedea278a74af3e490ff5eeb889c016dbb2b" }, { "category": "external", "summary": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrqm-46rj-cmx2", "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rrqm-46rj-cmx2" } ], "release_date": "2026-03-13T19:54:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-23T14:48:26.971481Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1774277303", "product_ids": [ "CentOS-7:freerdp-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "CentOS-7:freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686", "CentOS-7:freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "CentOS-7:freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.i686", "CentOS-7:freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "CentOS-7:libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.i686", "CentOS-7:libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "CentOS-7:libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686", "CentOS-7:libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1774277303" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "CentOS-7:freerdp-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "CentOS-7:freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686", "CentOS-7:freerdp-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "CentOS-7:freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.i686", "CentOS-7:freerdp-libs-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "CentOS-7:libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.i686", "CentOS-7:libwinpr-0:2.1.1-5.el7_9.tuxcare.els17.x86_64", "CentOS-7:libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.i686", "CentOS-7:libwinpr-devel-0:2.1.1-5.el7_9.tuxcare.els17.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] } ] }