漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Heap-use-after-free in update_pointer_new
Vulnerability Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.21.0, `xf_Pointer_New` frees `cursorPixels` on failure, then `pointer_free` calls `xf_Pointer_Free` and frees it again, triggering ASan UAF. A malicious server can trigger a client‑side use after free, causing a crash (DoS) and potential heap corruption with code‑execution risk depending on allocator behavior and surrounding heap layout. Version 3.21.0 contains a patch for the issue.
CVSS Information
N/A
Vulnerability Type
释放后使用
Vulnerability Title
FreeRDP 资源管理错误漏洞
Vulnerability Description
FreeRDP是FreeRDP团队的一款开源的远程桌面协议(RDP)的实现。 FreeRDP 3.21.0之前版本存在资源管理错误漏洞,该漏洞源于xf_Pointer_New函数在失败时释放cursorPixels,随后pointer_free再次调用xf_Pointer_Free并释放它,可能导致释放后重用,造成崩溃和潜在的堆损坏。
CVSS Information
N/A
Vulnerability Type
N/A