CNNVD-202601-2347 Information

CNNVD ID

CNNVD-202601-2347

CVE-2026-22853

  • CNNVD Published: 2026-01-14

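Description (translated from Chinese)

FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. Versions of FreeRDP before 3.20.1 contain a buffer error vulnerability. It stems from the NDR array reader in RDPEAR not performing a bounds check on the on-wire element count, which can lead to a heap buffer overflow.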

Description (English)

FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) developed by the FreeRDP team. FreeRDP versions before 3.20.1 have a buffer error vulnerability: the NDR array reader of RDPEAR does not bounds-check the on-wire element count, which can result in a heap buffer overflow.

Hazard Level

High

Vulnerability Type

Buffer error

Affected Vendor

FreeRDP

Published

2026-01-14

Last Modified

2026-02-24

References

  • https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1
  • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-47v9-p4gp-w5ch
  • https://access.redhat.com/security/cve/cve-2026-22853

Patch

https://github.com/FreeRDP/FreeRDP/releases
