CNNVD-202512-3172 Information

CNNVD ID

CNNVD-202512-3172

CVE-2025-68118

  • CNNVD Published: 2025-12-17

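Description (translated from Chinese)

FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) by the FreeRDP team. Versions of FreeRDP before 3.20.0 contain a buffer error vulnerability. It stems from certificate-handling code that does not guarantee NUL termination, which can lead to a heap out-of-bounds read.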

Description (English)

FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. Versions prior to FreeRDP 3.20.0 have a buffer error vulnerability: the certificate processing code does not ensure NUL termination, which could lead to an out-of-bounds read of the heap.

Hazard Level

High

Vulnerability Type

Buffer error

Affected Vendor

FreeRDP

Published

2025-12-17

Last Modified

2026-02-24

References

  • https://github.com/FreeRDP/FreeRDP/commit/a0b21f992a9de1de2468fc9e600aa2b7a4066307
  • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h78c-5cjx-jw6x
  • https://access.redhat.com/security/cve/cve-2025-68118

Patch

https://www.freerdp.com/
