Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(), causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABRT. This is a pre-authentication denial of service affecting all FreeRDP clients using RPC-over-HTTP gateway transport. The assertion is active in default release builds (WITH_VERBOSE_WINPR_ASSERT=ON). This issue has been patched in version 3.24.2.
Published: 2026-03-30
Score: 6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Immediately
AI Analysis

Impact

FreeRDP clients that connect through a Remote Desktop Gateway using RPC-over-HTTP transport trigger an assertion failure when an unvalidated auth_length field read from the network reaches rts_read_auth_verifier_no_checks(); the WINPR_ASSERT() there aborts the client with SIGABRT. Because the crash happens before any authentication completes, a malicious or compromised gateway can prevent the client from ever establishing a session, a denial of service for the affected user. The weakness is a reachable assertion (CWE-617): an attacker-controlled length reaches an assert where an input validation check returning an error belongs. It does not expose confidential data or affect integrity; only the availability of the client is impacted.
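The assert-versus-validate pattern that the Description and the Impact paragraph describe, shown as an added example in C. This is not FreeRDP's code: the fragment layout (a 16-byte DCE/RPC common header with frag_length and auth_length, an 8-byte sec_trailer, and the auth value at the end of the fragment) is a deliberately simplified, hypothetical model, the standard assert() stands in for WINPR_ASSERT(), and the function names, the build_pdu helper and the sample fragments are constructed for this illustration. The first parser guards the network-controlled auth_length only with an assertion, the second validates it and fails the parse instead of aborting the process.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified DCE/RPC fragment layout used only for this example:
 * 16-byte common header with little-endian frag_length at bytes 8..9 and
 * auth_length at bytes 10..11; when auth_length > 0 the fragment ends with an
 * 8-byte sec_trailer followed by auth_length bytes of authentication value. */
#define RPC_COMMON_HEADER_LEN 16u
#define SEC_TRAILER_LEN 8u

typedef struct {
    uint16_t frag_length;
    uint16_t auth_length;
    size_t verifier_offset; /* start of the sec_trailer, 0 when no verifier */
} rpc_auth_info_t;

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | ((uint16_t)p[1] << 8)); }
static void wr16le(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v & 0xff); p[1] = (uint8_t)(v >> 8); }

/* The check the wire value needs before it is trusted: header, sec_trailer and
 * auth value must all fit inside the fragment actually received. */
static bool auth_length_is_sane(size_t buf_len, uint16_t frag_length, uint16_t auth_length)
{
    if (frag_length < RPC_COMMON_HEADER_LEN || frag_length > buf_len)
        return false;
    if (auth_length == 0)
        return true; /* unauthenticated fragment, nothing to read */
    return (size_t)auth_length + SEC_TRAILER_LEN <= (size_t)frag_length - RPC_COMMON_HEADER_LEN;
}

/* Vulnerable shape (name modelled on the page, not FreeRDP's code): the only
 * guard on the network-controlled auth_length is an assertion, so a malicious
 * gateway sending an oversized value aborts the client with SIGABRT (CWE-617). */
static bool read_auth_verifier_no_checks(const uint8_t *buf, size_t buf_len, rpc_auth_info_t *out)
{
    assert(buf_len >= RPC_COMMON_HEADER_LEN);
    out->frag_length = rd16le(buf + 8);
    out->auth_length = rd16le(buf + 10);
    assert(auth_length_is_sane(buf_len, out->frag_length, out->auth_length)); /* abort on bad input */
    out->verifier_offset = out->auth_length ? (size_t)out->frag_length - out->auth_length - SEC_TRAILER_LEN : 0;
    return true;
}

/* Hardened shape: validate, log, and return an error the transport can turn
 * into a clean disconnect; the client process keeps running. */
static bool read_auth_verifier_checked(const uint8_t *buf, size_t buf_len, rpc_auth_info_t *out)
{
    if (buf_len < RPC_COMMON_HEADER_LEN)
        return false;
    out->frag_length = rd16le(buf + 8);
    out->auth_length = rd16le(buf + 10);
    if (!auth_length_is_sane(buf_len, out->frag_length, out->auth_length)) {
        fprintf(stderr, "rejecting fragment: auth_length=%u does not fit frag_length=%u\n",
                (unsigned)out->auth_length, (unsigned)out->frag_length);
        return false;
    }
    out->verifier_offset = out->auth_length ? (size_t)out->frag_length - out->auth_length - SEC_TRAILER_LEN : 0;
    return true;
}

/* Constructed sample fragment (not captured traffic): zeroed header and body with
 * the two length fields set as requested. Returns bytes written, 0 on error. */
static size_t build_pdu(uint8_t *out, size_t cap, uint16_t frag_length, uint16_t auth_length)
{
    if (frag_length > cap || frag_length < RPC_COMMON_HEADER_LEN)
        return 0;
    memset(out, 0, frag_length);
    wr16le(out + 8, frag_length);
    wr16le(out + 10, auth_length);
    return frag_length;
}

/* Well-formed fragment: 40 bytes carrying a 16-byte auth value. Both parsers accept
 * it and find the sec_trailer right after the header (offset 16); -1 if they disagree. */
static int demo_benign_pdu(void)
{
    uint8_t pdu[64];
    rpc_auth_info_t checked, unchecked;
    size_t n = build_pdu(pdu, sizeof pdu, 40, 16);
    if (n == 0 || !read_auth_verifier_checked(pdu, n, &checked))
        return -1;
    read_auth_verifier_no_checks(pdu, n, &unchecked); /* safe here: input already validated */
    return checked.verifier_offset == unchecked.verifier_offset ? (int)checked.verifier_offset : -1;
}

/* Malicious fragment: 32 bytes claiming a 65535-byte auth value. The hardened parser
 * returns false; read_auth_verifier_no_checks would abort the client on this input. */
static bool demo_malicious_pdu_rejected(void)
{
    uint8_t pdu[64];
    rpc_auth_info_t info;
    size_t n = build_pdu(pdu, sizeof pdu, 32, 0xFFFF);
    return n != 0 && !read_auth_verifier_checked(pdu, n, &info);
}

int main(void) { printf("benign offset %d, malicious rejected %d\n", demo_benign_pdu(), demo_malicious_pdu_rejected()); return 0; }
```

The point of the hardened version is not the extra branch itself but where the decision lands: a failed validation becomes a return value the caller can turn into a logged disconnect, whereas an assertion that stays compiled into release builds turns the same input into a process abort, which is exactly the client-side denial of service the advisory describes.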

Affected Systems

All FreeRDP client installations using the RPC‑over‑HTTP gateway transport and running a version earlier than 3.24.2 are affected. The issue has been fixed in FreeRDP 3.24.2 and later releases.

Risk and Exploitability

The vulnerability carries a CVSS 4.0 score of 6.0 (medium severity). Its EPSS probability is below 1%, and it is not listed in the CISA KEV catalog. Exploitation is remote but requires the victim to connect through an RDP Gateway the attacker controls or can impersonate, which then returns a crafted RPC-over-HTTP fragment to the client; no privileges or local code execution are needed. The CVSS 4.0 vector reflects this with AC:H and UI:P: the attacker has to be in the gateway path and the user has to initiate the connection.

Generated by OpenCVE AI on March 31, 2026 at 05:59 UTC.

Remediation

Fixed in FreeRDP 3.24.2 (see Description); no separate workaround is listed.

OpenCVE Recommended Actions

  • Update FreeRDP to version 3.24.2 or later.

Advisories

No advisories yet.

History

Wed, 01 Apr 2026 02:15:00 +0000

Type                 Values Removed           Values Added
First Time appeared                           Freerdp
                                              Freerdp freerdp
Weaknesses                                    CWE-130
Vendors & Products                            Freerdp
                                              Freerdp freerdp
References
Metrics              threat_severity: None    cvssV3_1: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H'}
                                              threat_severity: Moderate


Tue, 31 Mar 2026 03:00:00 +0000

Type                 Values Removed           Values Added
Description                                   FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(), causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABRT. This is a pre-authentication denial of service affecting all FreeRDP clients using RPC-over-HTTP gateway transport. The assertion is active in default release builds (WITH_VERBOSE_WINPR_ASSERT=ON). This issue has been patched in version 3.24.2.
Title                                         FreeRDP: DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks
Weaknesses                                    CWE-617
References
Metrics                                       cvssV4_0: {'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-30T21:42:00.473Z

Reserved: 2026-03-24T19:50:52.106Z

Link: CVE-2026-33952

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-30T22:16:18.953

Modified: 2026-03-30T22:16:18.953

Link: CVE-2026-33952

Redhat

Severity : Moderate

Public Date: 2026-03-30T21:42:00Z

Links: CVE-2026-33952 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-31T20:39:58Z

Weaknesses