CNNVD-202601-2345 Information

CNNVD ID

CNNVD-202601-2345

Related CVE

CVE-2026-22851

• CNNVD Published: 2026-01-14

Description (Chinese)

FreeRDP是FreeRDP团队的一款开源的远程桌面协议（RDP）的实现。 FreeRDP 3.20.1之前版本存在资源管理错误漏洞，该漏洞源于RDPGFX动态虚拟通道线程和SDL渲染线程之间的竞争条件，可能导致堆释放后重用。

Description (English)

FreeRDP is an open-source remote desktop protocol (RDP) for the FreeRDP team. The previous version of FreeRDP 3.20.1 had a resource management error gap, which stemmed from the competitive conditions between the RDPGFX dynamic virtual route and the SDL rendering line, which could lead to re-use of the stack after release.

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

FreeRDP

Published

2026-01-14

Last Modified

2026-02-24

References

https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8g87-6pvc-wh99 https://access.redhat.com/security/cve/cve-2026-22851

Patch

https://github.com/FreeRDP/FreeRDP/releases