CNNVD-202601-2346 Information

CNNVD ID

CNNVD-202601-2346

CVE-2026-22854

  • CNNVD Published: 2026-01-14

Description (Chinese)

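FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. Versions of FreeRDP before 3.20.1 contain a security vulnerability: during a drive read, a server-controlled read length is used to read file data into the IRP output stream buffer without a hard upper limit, so an oversized read can overwrite heap memory.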

Description (English)

FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) developed by the FreeRDP team. Versions before 3.20.1 contain a security vulnerability: when a drive is read, the server-controlled read length is used to read file data into the IRP output stream buffer without a hard cap, which could lead to an oversized read that overwrites heap memory.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

FreeRDP

Published

2026-01-14

Last Modified

2026-02-24

References

  • https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1
  • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47vj-g3c3-3rmf
  • https://access.redhat.com/security/cve/cve-2026-22854

Patch

https://github.com/FreeRDP/FreeRDP/releases
