CNNVD-202601-3016 Information

CNNVD ID

CNNVD-202601-3016

CVE ID

CVE-2026-23884

  • CNNVD Published: 2026-01-19

Description (Chinese, translated)

FreeRDP is the FreeRDP team's open-source implementation of the Remote Desktop Protocol (RDP). Versions of FreeRDP prior to 3.21.0 contain a resource management error vulnerability: after an offscreen bitmap is deleted, gdi->drawing still points to the freed memory, so when a subsequent update packet arrives it can trigger a use-after-free, causing a crash and potential heap corruption.

Description (English)

FreeRDP is an open-source implementation of the Remote Desktop Protocol (RDP) maintained by the FreeRDP team. Prior to FreeRDP 3.21.0 it contained a resource management error (use-after-free): after an offscreen bitmap was deleted, the current render target gdi->drawing still pointed at the freed memory, so a later update packet that draws to that target could write through the dangling pointer, causing a crash and potential heap corruption.
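The following is an added illustrative example, not FreeRDP's code and not taken from the advisory or the linked offscreen.c lines. It models the bug class the description names: a GDI keeps a pointer to its current render target, an offscreen bitmap in that cache is freed, and the pointer is not redirected. The struct and function names (Bitmap, Gdi, offscreen_create, offscreen_delete_vulnerable, offscreen_delete_fixed, gdi_set_pixel) are simplified assumptions for illustration, not libfreerdp identifiers, and the hardened delete shows the generic fix pattern (redirect the target before the free) rather than the exact change shipped in 3.21.0.

```c
/* Illustrative model of the bug class described above: an offscreen bitmap is
 * freed while the GDI's current render target still points at it. Added
 * example, not FreeRDP's code; Bitmap, Gdi, offscreen_* and gdi_* are names
 * assumed for illustration, not libfreerdp identifiers. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define OFFSCREEN_CACHE_SIZE 8

typedef struct {
    uint32_t width, height;
    uint32_t *pixels;                        /* width * height 32-bit pixels */
} Bitmap;

typedef struct {
    Bitmap *primary;                         /* the screen surface */
    Bitmap *drawing;                         /* current render target */
    Bitmap *offscreen[OFFSCREEN_CACHE_SIZE]; /* server-created offscreen bitmaps */
} Gdi;

static Bitmap *bitmap_new(uint32_t w, uint32_t h) {
    Bitmap *b = calloc(1, sizeof(*b));
    if (!b) return NULL;
    b->pixels = calloc((size_t)w * h, sizeof(uint32_t));
    if (!b->pixels) { free(b); return NULL; }
    b->width = w; b->height = h;
    return b;
}
static void bitmap_free(Bitmap *b) {
    if (b) { free(b->pixels); free(b); }
}
static int gdi_init(Gdi *gdi, uint32_t w, uint32_t h) {
    memset(gdi, 0, sizeof(*gdi));
    gdi->primary = bitmap_new(w, h);
    gdi->drawing = gdi->primary;             /* the screen is the initial target */
    return gdi->primary != NULL;
}
static void gdi_free(Gdi *gdi) {
    for (size_t i = 0; i < OFFSCREEN_CACHE_SIZE; i++) bitmap_free(gdi->offscreen[i]);
    bitmap_free(gdi->primary);
}

/* "Create offscreen bitmap" order: allocate slot `id` and make it the render target. */
static int offscreen_create(Gdi *gdi, uint32_t id, uint32_t w, uint32_t h) {
    if (id >= OFFSCREEN_CACHE_SIZE || gdi->offscreen[id]) return 0;
    gdi->offscreen[id] = bitmap_new(w, h);
    if (!gdi->offscreen[id]) return 0;
    gdi->drawing = gdi->offscreen[id];
    return 1;
}

/* Vulnerable delete: frees the slot without checking whether it is the current
 * render target, so gdi->drawing can be left pointing at freed memory. */
static void offscreen_delete_vulnerable(Gdi *gdi, uint32_t id) {
    if (id >= OFFSCREEN_CACHE_SIZE || !gdi->offscreen[id]) return;
    bitmap_free(gdi->offscreen[id]);
    gdi->offscreen[id] = NULL;
}

/* Hardened delete: redirect the render target to the primary surface before the
 * free, so no later drawing order can write through a dangling pointer. */
static void offscreen_delete_fixed(Gdi *gdi, uint32_t id) {
    if (id >= OFFSCREEN_CACHE_SIZE || !gdi->offscreen[id]) return;
    if (gdi->drawing == gdi->offscreen[id]) gdi->drawing = gdi->primary;
    bitmap_free(gdi->offscreen[id]);
    gdi->offscreen[id] = NULL;
}

/* A later drawing order: one pixel store through gdi->drawing (the UAF site). */
static int gdi_set_pixel(Gdi *gdi, uint32_t x, uint32_t y, uint32_t color) {
    Bitmap *t = gdi->drawing;
    if (x >= t->width || y >= t->height) return 0;
    t->pixels[(size_t)y * t->width + x] = color;
    return 1;
}

/* Does gdi->drawing point at a surface the Gdi still owns? */
static int drawing_target_is_live(const Gdi *gdi) {
    if (gdi->drawing == gdi->primary) return 1;
    for (size_t i = 0; i < OFFSCREEN_CACHE_SIZE; i++)
        if (gdi->offscreen[i] && gdi->offscreen[i] == gdi->drawing) return 1;
    return 0;
}

/* Replay the sequence from the description: create offscreen #3 (it becomes the
 * target), delete #3, then see where a following update would land. Returns 1 if
 * the update lands on the primary surface, 0 if the target dangles (the update is
 * then skipped rather than executed against freed memory), -1 on setup failure. */
static int replay_delete_sequence(int use_fix) {
    Gdi gdi;
    if (!gdi_init(&gdi, 64, 64)) return -1;
    if (!offscreen_create(&gdi, 3, 16, 16)) { gdi_free(&gdi); return -1; }
    if (use_fix) offscreen_delete_fixed(&gdi, 3);
    else         offscreen_delete_vulnerable(&gdi, 3);
    int live = drawing_target_is_live(&gdi);
    int landed = live && gdi_set_pixel(&gdi, 1, 1, 0xff0000u)
                      && gdi.primary->pixels[1 * 64 + 1] == 0xff0000u;
    gdi_free(&gdi);
    return live ? (landed ? 1 : -1) : 0;
}
```

The model deliberately does not perform the pixel store on the vulnerable path; letting it run would be the actual heap use-after-free, which an AddressSanitizer build reports as heap-use-after-free at the store in gdi_set_pixel. The general lesson for any cache that hands out raw pointers to a "current" object is the one the hardened delete shows: every path that frees a cached object must first clear or redirect every cached reference to it, and a liveness check such as drawing_target_is_live is a cheap assertion to keep at the points that dereference such a pointer.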

Hazard Level

Medium

Vulnerability Type

Resource management error

Affected Vendor

FreeRDP

Published

2026-01-19

Last Modified

2026-02-24

References

  • https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/libfreerdp/cache/offscreen.c#L114-L122
  • https://github.com/FreeRDP/FreeRDP/blob/3370e30e92a021eb680892dda14d642bc8b8727c/libfreerdp/cache/offscreen.c#L87-L91
  • https://github.com/FreeRDP/FreeRDP/releases/tag/3.21.0
  • https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cfgj-vc84-f3pp
  • https://access.redhat.com/security/cve/cve-2026-23884

Patch

https://github.com/FreeRDP/FreeRDP/releases
