{
  "threat_severity" : "Moderate",
  "public_date" : "2026-01-14T17:53:54Z",
  "bugzilla" : {
    "description" : "freerdp: FreeRDP heap-use-after-free",
    "id" : "2429656",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2429656"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.6",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
    "status" : "draft"
  },
  "cwe" : "CWE-416",
  "details" : [ "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a heap use-after-free occurs in irp_thread_func because the IRP is freed by irp->Complete() and then accessed again on the error path. This vulnerability is fixed in 3.20.1.", "A heap use after free flaw has been discovered in FreeRDP. This heap use-after-free occurs in `irp_thread_func` because the IRP is freed by irp->Complete() and then accessed again on the error path." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Affected",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "freerdp",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-22857\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-22857\nhttps://github.com/FreeRDP/FreeRDP/releases/tag/3.20.1\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gxq-jhq6-4cr8" ],
  "name" : "CVE-2026-22857",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}