CNNVD-202601-2352 Information

CNNVD ID

CNNVD-202601-2352

Related CVE

CVE-2026-22856

• CNNVD Published: 2026-01-14

Description (Chinese)

FreeRDP是FreeRDP团队的一款开源的远程桌面协议（RDP）的实现。 FreeRDP 3.20.1之前版本存在资源管理错误漏洞，该漏洞源于串行通道IRP线程跟踪中的竞争条件，可能导致堆释放后重用。

Description (English)

FreeRDP is an open-source remote desktop protocol (RDP) for the FreeRDP team. The previous version of FreeRDP 3.20.1 had a resource management error loophole, which stemmed from competitive conditions in the IRP line-tracking of the serial channel, which could lead to re-use of the stack after release.

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

FreeRDP

Published

2026-01-14

Last Modified

2026-02-24

References

https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w842-c386-fxhv https://access.redhat.com/security/cve/cve-2026-22856

Patch

https://github.com/FreeRDP/FreeRDP/releases