Alpine: multiple freerdp packages: security update to 3.22.0-r0

Severity: High | Tenable Self-Hosted Container Security | Plugin ID 437642

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, offscreen bitmap deletion leaves `gdi->drawing` pointing to freed memory, causing a use-after-free (UAF) when related update packets arrive. A malicious server can trigger a client-side use-after-free, causing a crash (DoS) and potential heap corruption with code-execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue. (CVE-2026-23884)

- FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl->primary (SDL_Surface) is accessed after it has been freed during RDPGFX ResetGraphics handling. This vulnerability is fixed in 3.20.1. (CVE-2026-22851)

- FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client when processing Audio Input (AUDIN) format lists. audin_process_formats reuses callback->formats_count across multiple MSG_SNDIN_FORMATS PDUs and writes past the newly allocated formats array, causing memory corruption and a crash. This vulnerability is fixed in 3.20.1. (CVE-2026-22852)

- FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR's NDR array reader does not perform bounds checking on the on-wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1. (CVE-2026-22853)

- FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory. This vulnerability is fixed in 3.20.1. (CVE-2026-22854)

See Also

https://security.alpinelinux.org/vuln/CVE-2026-22851

https://security.alpinelinux.org/vuln/CVE-2026-22852

https://security.alpinelinux.org/vuln/CVE-2026-22853

https://security.alpinelinux.org/vuln/CVE-2026-22854

https://security.alpinelinux.org/vuln/CVE-2026-22855

https://security.alpinelinux.org/vuln/CVE-2026-22856

https://security.alpinelinux.org/vuln/CVE-2026-22857

https://security.alpinelinux.org/vuln/CVE-2026-22858

https://security.alpinelinux.org/vuln/CVE-2026-22859

https://security.alpinelinux.org/vuln/CVE-2026-23530

https://security.alpinelinux.org/vuln/CVE-2026-23531

https://security.alpinelinux.org/vuln/CVE-2026-23532

https://security.alpinelinux.org/vuln/CVE-2026-23533

https://security.alpinelinux.org/vuln/CVE-2026-23534

https://security.alpinelinux.org/vuln/CVE-2026-23732

https://security.alpinelinux.org/vuln/CVE-2026-23883

https://security.alpinelinux.org/vuln/CVE-2026-23884

https://security.alpinelinux.org/vuln/CVE-2026-23948

https://security.alpinelinux.org/vuln/CVE-2026-24491

https://security.alpinelinux.org/vuln/CVE-2026-24675

https://security.alpinelinux.org/vuln/CVE-2026-24676

https://security.alpinelinux.org/vuln/CVE-2026-24677

https://security.alpinelinux.org/vuln/CVE-2026-24678

https://security.alpinelinux.org/vuln/CVE-2026-24679

https://security.alpinelinux.org/vuln/CVE-2026-24680

https://security.alpinelinux.org/vuln/CVE-2026-24681

https://security.alpinelinux.org/vuln/CVE-2026-24682

https://security.alpinelinux.org/vuln/CVE-2026-24683

https://security.alpinelinux.org/vuln/CVE-2026-24684

Plugin Details

Severity: High

ID: 437642

Version: Revision 1.4

Type: Local

Published: 2/10/2026

Updated: 6/1/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.49

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2026-23884

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 8.7

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2026-24684

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/14/2026

Reference Information

CVE: CVE-2026-22851, CVE-2026-22852, CVE-2026-22853, CVE-2026-22854, CVE-2026-22855, CVE-2026-22856, CVE-2026-22857, CVE-2026-22858, CVE-2026-22859, CVE-2026-23530, CVE-2026-23531, CVE-2026-23532, CVE-2026-23533, CVE-2026-23534, CVE-2026-23732, CVE-2026-23883, CVE-2026-23884, CVE-2026-23948, CVE-2026-24491, CVE-2026-24675, CVE-2026-24676, CVE-2026-24677, CVE-2026-24678, CVE-2026-24679, CVE-2026-24680, CVE-2026-24681, CVE-2026-24682, CVE-2026-24683, CVE-2026-24684

IAVA: 2026-A-0099