CNNVD-202601-2367 Information
CNNVD ID
CNNVD-202601-2367
Related CVE
-
CNNVD Published: 2026-01-14
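Description (Chinese, translated)
FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) from the FreeRDP team. Versions of FreeRDP before 3.20.1 contain an input validation error vulnerability. It arises because the URBDRC client does not perform bounds checks on server-supplied MSUSB_INTERFACE_DESCRIPTOR values, which can lead to an out-of-bounds read.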
Description (English)
FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) maintained by the FreeRDP team. FreeRDP versions before 3.20.1 have an input validation flaw: the URBDRC client fails to bounds-check the MSUSB_INTERFACE_DESCRIPTOR values provided by the server, which could lead to an out-of-bounds read.
Hazard Level
High
Vulnerability Type
Input validation error
Affected Vendor
FreeRDP
Published
2026-01-14
Last Modified
2026-02-24
References
https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-56f5-76qv-2r36
https://access.redhat.com/security/cve/cve-2026-22859
Patch
https://github.com/FreeRDP/FreeRDP/releases