Описание
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_cliprdr_provide_data_ passes freed pDstData to XChangeProperty because the cliprdr channel thread calls xf_cliprdr_server_format_data_response which converts and uses the clipboard data without holding any lock, while the X11 event thread concurrently calls xf_cliprdr_clear_cached_data → HashTable_Clear which frees the same data via xf_cached_data_free, triggering a heap use after free. Version 3.23.0 fixes the issue.
A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a race condition in the clipboard handling feature. This vulnerability, known as a heap use-after-free, occurs when the system attempts to use memory that has already been released. Successful exploitation could lead to a denial of service, making the system unavailable.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | freerdp | Fix deferred | ||
| Red Hat Enterprise Linux 6 | freerdp | Fix deferred | ||
| Red Hat Enterprise Linux 7 | freerdp | Fix deferred | ||
| Red Hat Enterprise Linux 8 | freerdp | Fix deferred | ||
| Red Hat Enterprise Linux 9 | freerdp | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread calls `xf_cliprdr_server_format_data_response` which converts and uses the clipboard data without holding any lock, while the X11 event thread concurrently calls `xf_cliprdr_clear_cached_data` → `HashTable_Clear` which frees the same data via `xf_cached_data_free`, triggering a heap use after free. Version 3.23.0 fixes the issue.
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_cliprdr_provide_data_` passes freed `pDstData` to `XChangeProperty` because the cliprdr channel thread calls `xf_cliprdr_server_format_data_response` which converts and uses the clipboard data without holding any lock, while the X11 event thread concurrently calls `xf_cliprdr_clear_cached_data` → `HashTable_Clear` which frees the same data via `xf_cached_data_free`, triggering a heap use after free. Version 3.23.0 fixes the issue.
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...
EPSS
5.3 Medium
CVSS3