CNNVD-202601-2344 Information

CNNVD ID

CNNVD-202601-2344

CVE-2026-22852

  • CNNVD Published: 2026-01-14

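Description (translated from Chinese)

FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. Versions of FreeRDP before 3.20.1 contain a buffer error vulnerability: when the audio input format list is processed, a malicious RDP server can trigger a heap buffer overflow write, which may lead to memory corruption and a crash.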

Description (English)

FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) developed by the FreeRDP team. FreeRDP versions prior to 3.20.1 have a buffer error vulnerability. It arises during processing of the audio input format list, where a malicious RDP server can trigger a heap buffer overflow write, potentially causing memory corruption and a crash.

Hazard Level

High

Vulnerability Type

Buffer error

Affected Vendor

FreeRDP

Published

2026-01-14

Last Modified

2026-02-24

References

  • https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1
  • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9chc-g79v-4qq4
  • https://access.redhat.com/security/cve/cve-2026-22852

Patch

https://github.com/FreeRDP/FreeRDP/releases
