How severe is CVE-2026-22857?

The severity of CVE-2026-22857 has not been assessed with CVSS v3.

CVE-2026-22857

NONE

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on

게시됨: 1/14/2026업데이트됨: 1/14/2026

설명

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.

AI 분석AI 기반

참조

https://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gxq-jhq6-4cr8