Описание
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_cliprdr_provide_data_ passes freed pDstData to XChangeProperty because the cliprdr channel thread calls xf_cliprdr_server_format_data_response which converts and uses the clipboard data without holding any lock, while the X11 event thread concurrently calls xf_cliprdr_clear_cached_data → HashTable_Clear which frees the same data via xf_cached_data_free, triggering a heap use after free. Version 3.23.0 fixes the issue.
Ссылки
- Patch
- Patch
- Patch
- Patch
- Patch
- Patch
- Patch
- Patch
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
EPSS
9.8 Critical
CVSS3
Дефекты
Связанные уязвимости
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread calls `xf_cliprdr_server_format_data_response` which converts and uses the clipboard data without holding any lock, while the X11 event thread concurrently calls `xf_cliprdr_clear_cached_data` → `HashTable_Clear` which frees the same data via `xf_cached_data_free`, triggering a heap use after free. Version 3.23.0 fixes the issue.
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread calls `xf_cliprdr_server_format_data_response` which converts and uses the clipboard data without holding any lock, while the X11 event thread concurrently calls `xf_cliprdr_clear_cached_data` → `HashTable_Clear` which frees the same data via `xf_cached_data_free`, triggering a heap use after free. Version 3.23.0 fixes the issue.
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...
EPSS
9.8 Critical
CVSS3