CNNVD-202601-2349 Information

CNNVD ID

CNNVD-202601-2349

CVE-2026-22855

  • CNNVD Published: 2026-01-14

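Description (translated from Chinese)

FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. FreeRDP versions before 3.20.1 contain a buffer error vulnerability: in the smart card SetAttrib path, a heap out-of-bounds read occurs when cbAttrLen does not match the actual NDR buffer length.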

Description (English)

FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) developed by the FreeRDP team. Versions of FreeRDP before 3.20.1 have a buffer error vulnerability in the smart card SetAttrib path, where a heap out-of-bounds read occurs when cbAttrLen does not match the length of the actual NDR buffer.

Hazard Level

High

Vulnerability Type

Buffer error

Affected Vendor

FreeRDP

Published

2026-01-14

Last Modified

2026-02-24

References

  • https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1
  • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rwp3-g84r-6mx9
  • https://access.redhat.com/security/cve/cve-2026-22855

Patch

https://github.com/FreeRDP/FreeRDP/releases
