CVE-2026-24684

Опубликовано: 09 фев. 2026

Источник: redhat

CVSS3: 5.3

EPSS Низкий

Описание

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, the RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave. This vulnerability is fixed in 3.22.0.

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsnd_treat_wave.

Отчет

Availability impact is limited to the FreeRDP instance on Red Hat Products. General system availability is not at risk.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 10	freerdp	Affected
Red Hat Enterprise Linux 6	freerdp	Out of support scope
Red Hat Enterprise Linux 7	freerdp	Affected
Red Hat Enterprise Linux 8	freerdp	Affected
Red Hat Enterprise Linux 9	freerdp	Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-131

https://bugzilla.redhat.com/show_bug.cgi?id=2438208freerdp: FreeRDP has a Heap-use-after-free in play_thread

EPSS

Процентиль: 4%

0.00016

Низкий

5.3 Medium

CVSS3

Связанные уязвимости

CVE-2026-24684

CVSS3: 7.5

ubuntu

около 2 месяцев назад

CVE-2026-24684

CVSS3: 7.5

nvd

около 2 месяцев назад

CVE-2026-24684

CVSS3: 7.5

debian

около 2 месяцев назад

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...

SUSE-SU-2026:0621-1

suse-cvrf

около 1 месяца назад

Security update for freerdp

SUSE-SU-2026:0649-1

suse-cvrf

около 1 месяца назад

Security update for freerdp

EPSS

Процентиль: 4%

0.00016

Низкий

5.3 Medium

CVSS3