Description
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP clients on systems where Kerberos and/or Kerberos U2U is configured (Samba AD member, or krb5 for NFS). The crash is triggered during NLA connection teardown and requires a failed authentication attempt. This issue has been patched in version 3.24.2.
Published: 2026-03-30
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Update Software
AI Analysis

Impact

A double‑free bug exists in the Kerberos authentication handling of FreeRDP clients prior to version 3.24.2. When the NLA connection is torn down after a failed authentication attempt, the library frees the same memory twice, causing the client to crash. This crash results in a denial of service on the affected systems, as the RDP session is abruptly terminated. The weakness is identified as CWE‑415 (Double Free) and CWE‑825 (Incomplete Validation of Memory Management).

Affected Systems

All FreeRDP installations using the free implementation of the Remote Desktop Protocol, specifically versions older than 3.24.2, are vulnerable on systems configured with Kerberos or Kerberos U2U such as Samba AD members or clients using krb5 for NFS. The issue arises in the kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() functions located in winpr/libwinpr/sspi/Kerberos/kerberos.c.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity, while the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be remote, requiring an attacker to initiate an RDP session and force a failed authentication that triggers the double‑free during teardown. Exploitability does not gain elevated privilege or confidentiality, but the crash can be used to disrupt connectivity for legitimate users.

Generated by OpenCVE AI on April 2, 2026 at 04:00 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the officially released patch by upgrading FreeRDP to version 3.24.2 or later.

Generated by OpenCVE AI on April 2, 2026 at 04:00 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 02 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

Wed, 01 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Freerdp
Freerdp freerdp
Weaknesses CWE-825
Vendors & Products Freerdp
Freerdp freerdp
References
Metrics threat_severity

None

 threat_severity

Moderate

Tue, 31 Mar 2026 03:00:00 +0000

Type Values Removed Values Added
Description FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP clients on systems where Kerberos and/or Kerberos U2U is configured (Samba AD member, or krb5 for NFS). The crash is triggered during NLA connection teardown and requires a failed authentication attempt. This issue has been patched in version 3.24.2.
Title FreeRDP: Possible double free in kerberos_AcceptSecurityContext
Weaknesses CWE-415
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L'}

Subscriptions

Freerdp Freerdp
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-02T14:13:21.632Z

Reserved: 2026-03-24T22:20:06.212Z

Link: CVE-2026-33995

cve-icon Vulnrichment

Updated: 2026-04-02T14:13:18.369Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-30T22:16:20.167

Modified: 2026-04-01T18:35:09.973

Link: CVE-2026-33995

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-30T21:43:49Z

Links: CVE-2026-33995 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-02T07:53:47Z

Weaknesses