FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman_call_on_receive due to improper synchronization of channel_callback access. A malicious RDP server can trigger a race condition by sending DYNVC_DATA and DYNVC_CLOSE messages concurrently, causing heap-use-after-free in the drdynvc client thread and potentially enabling remote code execution or denial of service.
Metrics
Affected Vendors & Products
References
History
Wed, 08 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | FreeRDP before 3.22.0 contains a use-after-free vulnerability in dvcman_channel_close and dvcman_call_on_receive due to improper synchronization of channel_callback access. A malicious RDP server can trigger a race condition by sending DYNVC_DATA and DYNVC_CLOSE messages concurrently, causing heap-use-after-free in the drdynvc client thread and potentially enabling remote code execution or denial of service. | |
| Title | FreeRDP - Use-After-Free via Race Condition in DRDYNVC Channel Callback | |
| First Time appeared |
Freerdp
Freerdp freerdp |
|
| Weaknesses | CWE-362 | |
| CPEs | cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Freerdp
Freerdp freerdp |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-08T14:23:00.749Z
Reserved: 2026-06-20T12:49:17.829Z
Link: CVE-2026-56297
Updated: 2026-07-08T14:22:51.069Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T15:45:03Z