CNNVD-202601-2357 Information

CNNVD ID

CNNVD-202601-2357

Related CVE

CVE-2026-22857

• CNNVD Published: 2026-01-14

Description (Chinese)

FreeRDP是FreeRDP团队的一款开源的远程桌面协议（RDP）的实现。 FreeRDP 3.20.1之前版本存在资源管理错误漏洞，该漏洞源于irp_thread_func中，IRP被irp->Complete()释放后又在错误路径上被访问，可能导致堆释放后重用。

Description (English)

FreeRDP is an open-source remote desktop protocol (RDP) for the FreeRDP team. The previous version of FreeRDP 3.20.1 had a resource management error loophole, which originated in irp thread func, and IRP was accessed on the wrong path after being released by irp->complete (), which could lead to re-use of the pile.

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

FreeRDP

Published

2026-01-14

Last Modified

2026-02-24

References

https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1 https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gxq-jhq6-4cr8 https://access.redhat.com/security/cve/cve-2026-22857

Patch

https://github.com/FreeRDP/FreeRDP/releases