FreeRDP
cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*, +1 more
- <= 3.21.0
A heap use-after-free vulnerability has been identified in FreeRDP, a free implementation of the Remote Desktop Protocol. The issue affects versions prior to 3.22.0: asynchronous bulk transfer completions in the USB device redirection channel (URBDRC) can run after the channel has been closed and use the channel callback that closing freed, producing a use-after-free in the 'urb_write_completion' function. A malicious server can trigger the condition against a connecting client, causing a client-side crash and potential heap corruption, with a risk of code execution depending on the allocator's behavior and the surrounding heap layout.
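The lifetime bug described above, an owner freeing an object while an asynchronous completion still holds a pointer to it, is a general pattern, and the following is an added example in C of the hardened shape of that pattern. It is not FreeRDP code: the types and functions (chan_cb, transfer_submit, chan_close, transfer_complete) are invented for this illustration, and the only connection to the advisory is the ordering it exercises, a channel closed while a transfer completion is still in flight. In the hardened form every in-flight transfer holds its own reference on the callback object, close marks the channel closed and drops only the owner's reference, and the completion delivers nothing once closed and releases its reference as its last touch of the object.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not FreeRDP code: a hypothetical channel callback object
 * whose lifetime is shared between the channel (its owner) and every
 * asynchronous transfer still in flight. All names here are invented. */

static int g_frees;          /* callback objects freed so far (checked by tests) */

typedef struct chan_cb {
    int refcount;            /* one owner reference plus one per in-flight transfer */
    int closed;              /* set by chan_close(); later completions deliver nothing */
    int delivered;           /* completions delivered while the channel was open */
    char name[32];
} chan_cb;

typedef struct transfer {
    chan_cb *cb;             /* hardened form: the transfer owns a reference on cb */
    size_t len;
} transfer;

static chan_cb *cb_new(const char *name)
{
    chan_cb *cb = calloc(1, sizeof *cb);
    if (!cb)
        abort();
    cb->refcount = 1;        /* the owner's reference */
    snprintf(cb->name, sizeof cb->name, "%s", name);
    return cb;
}

static void cb_ref(chan_cb *cb) { cb->refcount++; }

static void cb_unref(chan_cb *cb)
{
    if (--cb->refcount == 0) {
        memset(cb, 0xA5, sizeof *cb);   /* poison so any stale use is loud under a sanitizer */
        free(cb);
        g_frees++;
    }
}

/* Vulnerable shape described by the advisory (deliberately not executed here):
 * the transfer stores a raw pointer, chan_close() frees cb unconditionally, and
 * the completion that fires later dereferences the freed object. */

static transfer *transfer_submit(chan_cb *cb, size_t len)
{
    transfer *t = calloc(1, sizeof *t);
    if (!t)
        abort();
    t->cb = cb;
    cb_ref(cb);              /* pin cb until this completion has run */
    t->len = len;
    return t;
}

/* Owner side: mark closed and drop the owner's reference. Returns 1 if the
 * object was freed here, 0 if in-flight transfers still pin it. */
static int chan_close(chan_cb *cb)
{
    int last = (cb->refcount == 1);
    cb->closed = 1;
    cb_unref(cb);
    return last;
}

/* Completion side: deliver only while open, then release the pin.
 * Returns 1 if delivered, 0 if dropped because the channel had closed. */
static int transfer_complete(transfer *t)
{
    chan_cb *cb = t->cb;
    int delivered = 0;
    if (!cb->closed) {
        cb->delivered++;
        delivered = 1;
    }
    cb_unref(cb);            /* last touch of cb; may free it right here */
    free(t);
    return delivered;
}

/* The advisory's ordering: channel closed while a completion is still in flight.
 * Returns 0 when every step behaved as the hardened design intends. */
static int scenario_close_before_completion(void)
{
    g_frees = 0;
    chan_cb *cb = cb_new("urbdrc");
    transfer *t1 = transfer_submit(cb, 64);
    transfer *t2 = transfer_submit(cb, 128);

    int d1 = transfer_complete(t1);         /* channel open: delivered */
    int freed_at_close = chan_close(cb);    /* t2 still pins cb: not freed yet */
    int d2 = transfer_complete(t2);         /* closed: dropped, cb freed now */

    if (d1 != 1 || freed_at_close != 0 || d2 != 0 || g_frees != 1)
        return -1;
    return 0;
}

int main(void)
{
    printf("close-before-completion scenario: %s\n",
           scenario_close_before_completion() == 0 ? "ok" : "FAIL");
    return 0;
}
```

Reference counting is one of two usual fixes for this class of bug; the other is to cancel or drain every pending transfer before the owner frees the object, which works only when the completion path can be reliably awaited. Either way, the check a practitioner wants is the same: build the client with -fsanitize=address and exercise channel close while transfers are outstanding, since the raw-pointer variant shows up there as a heap-use-after-free report rather than an intermittent crash.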
Exploitation of this vulnerability can lead to a client-side heap use-after-free condition, causing a crash and potential heap corruption. This could allow for code execution, depending on the behavior of the memory allocator and the layout of the heap.
Users can upgrade to FreeRDP version 3.22.0 or later to address this vulnerability.