Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog
Консоль
Π›ΠΎΠ³ΠΎΡ‚ΠΈΠΏ exploitDog

exploitDog

ubuntu Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2026-25952

ΠžΠΏΡƒΠ±Π»ΠΈΠΊΠΎΠ²Π°Π½ΠΎ: 25 Ρ„Π΅Π². 2026
Π˜ΡΡ‚ΠΎΡ‡Π½ΠΈΠΊ: ubuntu
ΠŸΡ€ΠΈΠΎΡ€ΠΈΡ‚Π΅Ρ‚: medium
EPSS Низкий
CVSS3: 9.8

ОписаниС

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xf_SetWindowMinMaxInfo dereferences a freed xfAppWindow pointer because xf_rail_get_window in xf_rail_server_min_max_info returns an unprotected pointer from the railWindows hash table, and the main thread can concurrently delete the window (via a window delete order) while the RAIL channel thread is still using the pointer. Version 3.23.0 fixes the issue.

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-apps/bionic

needs-triage

esm-infra/xenial

needs-triage

jammy

DNE

noble

DNE

questing

DNE

upstream

needs-triage

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

DNE

esm-apps/noble

needs-triage

esm-infra/bionic

needs-triage

esm-infra/focal

needs-triage

jammy

needs-triage

noble

needs-triage

questing

DNE

upstream

needs-triage

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Π Π΅Π»ΠΈΠ·Π‘Ρ‚Π°Ρ‚ΡƒΡΠŸΡ€ΠΈΠΌΠ΅Ρ‡Π°Π½ΠΈΠ΅
devel

pending

3.24.0+dfsg-2
jammy

DNE

noble

released

3.5.1+dfsg1-0ubuntu1.4
questing

released

3.16.0+dfsg-2ubuntu0.3
upstream

released

3.23.0

ΠŸΠΎΠΊΠ°Π·Ρ‹Π²Π°Ρ‚ΡŒ ΠΏΠΎ

Бсылки Π½Π° источники

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 29%
0.00108
Низкий

9.8 Critical

CVSS3

БвязанныС уязвимости

redhat Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2026-25952

CVSS3: 6.4
redhat
ΠΎΠΊΠΎΠ»ΠΎ 1 мСсяца Π½Π°Π·Π°Π΄

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` in `xf_rail_server_min_max_info` returns an unprotected pointer from the `railWindows` hash table, and the main thread can concurrently delete the window (via a window delete order) while the RAIL channel thread is still using the pointer. Version 3.23.0 fixes the issue.

nvd Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2026-25952

CVSS3: 9.8
nvd
ΠΎΠΊΠΎΠ»ΠΎ 1 мСсяца Π½Π°Π·Π°Π΄

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, `xf_SetWindowMinMaxInfo` dereferences a freed `xfAppWindow` pointer because `xf_rail_get_window` in `xf_rail_server_min_max_info` returns an unprotected pointer from the `railWindows` hash table, and the main thread can concurrently delete the window (via a window delete order) while the RAIL channel thread is still using the pointer. Version 3.23.0 fixes the issue.

debian Π»ΠΎΠ³ΠΎΡ‚ΠΈΠΏ

CVE-2026-25952

CVSS3: 9.8
debian
ΠΎΠΊΠΎΠ»ΠΎ 1 мСсяца Π½Π°Π·Π°Π΄

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior ...

EPSS

ΠŸΡ€ΠΎΡ†Π΅Π½Ρ‚ΠΈΠ»ΡŒ: 29%
0.00108
Низкий

9.8 Critical

CVSS3

Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡ‚ΡŒ CVE-2026-25952