Vulnerability-Lookup

WID-SEC-W-2026-0880

Vulnerability from csaf_certbund - Published: 2026-03-25 23:00 - Updated: 2026-05-04 22:00

Summary

FreeRDP: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: FreeRDP ist eine freie Implementierung des Remote Desktop Protocol (RDP).

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FreeRDP ausnutzen, um potenziell beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere, nicht näher spezifizierte Angriffe durchzuführen.

Betroffene Betriebssysteme: - Sonstiges - UNIX - Windows

CVE-2026-33952

Affected products

Known affected 8 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source FreeRDP <3.24.2 Open Source / FreeRDP		<3.24.2
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-33977

Affected products

Known affected 8 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source FreeRDP <3.24.2 Open Source / FreeRDP		<3.24.2
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-33982

Affected products

Known affected 8 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source FreeRDP <3.24.2 Open Source / FreeRDP		<3.24.2
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-33983

Affected products

Known affected 8 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source FreeRDP <3.24.2 Open Source / FreeRDP		<3.24.2
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-33984

Affected products

Known affected 8 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source FreeRDP <3.24.2 Open Source / FreeRDP		<3.24.2
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-33985

Affected products

Known affected 8 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source FreeRDP <3.24.2 Open Source / FreeRDP		<3.24.2
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-33986

Affected products

Known affected 8 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source FreeRDP <3.24.2 Open Source / FreeRDP		<3.24.2
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-33987

Affected products

Known affected 8 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source FreeRDP <3.24.2 Open Source / FreeRDP		<3.24.2
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

CVE-2026-33995

Affected products

Known affected 8 products

Product	Identifier	Version
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Red Hat Enterprise Linux Red Hat	`cpe:/o:redhat:enterprise_linux:-`	—
Open Source FreeRDP <3.24.2 Open Source / FreeRDP		<3.24.2
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
Amazon Linux 2 Amazon	`cpe:/o:amazon:linux_2:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
RESF Rocky Linux RESF	`cpe:/o:resf:rocky_linux:-`	—
Fedora Linux Fedora	`cpe:/o:fedoraproject:fedora:-`	—

References

36 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.freerdp.com/2026/03/25/3_24_2-release	external
https://github.com/FreeRDP/FreeRDP/security/advis…	external
https://github.com/FreeRDP/FreeRDP/security/advis…	external
https://github.com/FreeRDP/FreeRDP/security/advis…	external
https://github.com/FreeRDP/FreeRDP/security/advis…	external
https://github.com/FreeRDP/FreeRDP/security/advis…	external
https://github.com/FreeRDP/FreeRDP/security/advis…	external
https://github.com/FreeRDP/FreeRDP/security/advis…	external
https://github.com/FreeRDP/FreeRDP/security/advis…	external
https://github.com/FreeRDP/FreeRDP/security/advis…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://bodhi.fedoraproject.org/updates/FEDORA-20…	external
https://alas.aws.amazon.com/AL2/ALAS2-2026-3238.html	external
https://linux.oracle.com/errata/ELSA-2026-8458.html	external
https://access.redhat.com/errata/RHSA-2026:8457	external
https://access.redhat.com/errata/RHSA-2026:8458	external
https://linux.oracle.com/errata/ELSA-2026-8457.html	external
https://errata.build.resf.org/RLSA-2026:8458	external
https://errata.build.resf.org/RLSA-2026:8457	external
https://access.redhat.com/errata/RHSA-2026:8945	external
https://linux.oracle.com/errata/ELSA-2026-8945.html	external
https://access.redhat.com/errata/RHSA-2026:9656	external
https://errata.build.resf.org/RLSA-2026:8945	external
https://access.redhat.com/errata/RHSA-2026:10709	external
https://access.redhat.com/errata/RHSA-2026:11333	external
https://access.redhat.com/errata/RHSA-2026:11332	external
https://access.redhat.com/errata/RHSA-2026:11336	external
https://access.redhat.com/errata/RHSA-2026:11649	external
https://access.redhat.com/errata/RHSA-2026:11651	external
https://access.redhat.com/errata/RHSA-2026:12359	external
https://access.redhat.com/errata/RHSA-2026:12388	external
https://lists.suse.com/pipermail/sle-security-upd…	external
https://lists.opensuse.org/archives/list/security…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "FreeRDP ist eine freie Implementierung des Remote Desktop Protocol (RDP).",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FreeRDP ausnutzen, um potenziell beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere, nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2026-0880 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0880.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2026-0880 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0880"
      },
      {
        "category": "external",
        "summary": "FreeRDP 3.24.2 release notes vom 2026-03-25",
        "url": "https://www.freerdp.com/2026/03/25/3_24_2-release"
      },
      {
        "category": "external",
        "summary": "FreeRDP GitHub Security Advisory GHSA-4gfm-4p52-h478 vom 2026-03-25",
        "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gfm-4p52-h478"
      },
      {
        "category": "external",
        "summary": "FreeRDP GitHub Security Advisory GHSA-8469-2xcx-frf6 vom 2026-03-25",
        "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8469-2xcx-frf6"
      },
      {
        "category": "external",
        "summary": "FreeRDP GitHub Security Advisory GHSA-8jm9-2925-g4v2 vom 2026-03-25",
        "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2"
      },
      {
        "category": "external",
        "summary": "FreeRDP GitHub Security Advisory GHSA-ff8h-p5vc-wcwc vom 2026-03-25",
        "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ff8h-p5vc-wcwc"
      },
      {
        "category": "external",
        "summary": "FreeRDP GitHub Security Advisory GHSA-h6qw-wxvm-hf97 vom 2026-03-25",
        "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h6qw-wxvm-hf97"
      },
      {
        "category": "external",
        "summary": "FreeRDP GitHub Security Advisory GHSA-x6gr-8p7h-5h85 vom 2026-03-25",
        "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85"
      },
      {
        "category": "external",
        "summary": "FreeRDP GitHub Security Advisory GHSA-4v4p-9v5x-hc93 vom 2026-03-25",
        "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93"
      },
      {
        "category": "external",
        "summary": "FreeRDP GitHub Security Advisory GHSA-8f2g-3q27-6xm5 vom 2026-03-25",
        "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5"
      },
      {
        "category": "external",
        "summary": "FreeRDP GitHub Security Advisory GHSA-mv25-f4p2-5mxx vom 2026-03-25",
        "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-07418A381F vom 2026-03-26",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-07418a381f"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-F6FE509803 vom 2026-03-26",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-f6fe509803"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2026-36EA367760 vom 2026-03-26",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-36ea367760"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS2-2026-3238 vom 2026-04-14",
        "url": "https://alas.aws.amazon.com/AL2/ALAS2-2026-3238.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-8458 vom 2026-04-16",
        "url": "https://linux.oracle.com/errata/ELSA-2026-8458.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8457 vom 2026-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:8457"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8458 vom 2026-04-16",
        "url": "https://access.redhat.com/errata/RHSA-2026:8458"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-8457 vom 2026-04-17",
        "url": "https://linux.oracle.com/errata/ELSA-2026-8457.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:8458 vom 2026-04-18",
        "url": "https://errata.build.resf.org/RLSA-2026:8458"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:8457 vom 2026-04-19",
        "url": "https://errata.build.resf.org/RLSA-2026:8457"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:8945 vom 2026-04-20",
        "url": "https://access.redhat.com/errata/RHSA-2026:8945"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2026-8945 vom 2026-04-20",
        "url": "https://linux.oracle.com/errata/ELSA-2026-8945.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:9656 vom 2026-04-22",
        "url": "https://access.redhat.com/errata/RHSA-2026:9656"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2026:8945 vom 2026-04-23",
        "url": "https://errata.build.resf.org/RLSA-2026:8945"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:10709 vom 2026-04-27",
        "url": "https://access.redhat.com/errata/RHSA-2026:10709"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11333 vom 2026-04-28",
        "url": "https://access.redhat.com/errata/RHSA-2026:11333"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11332 vom 2026-04-28",
        "url": "https://access.redhat.com/errata/RHSA-2026:11332"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11336 vom 2026-04-28",
        "url": "https://access.redhat.com/errata/RHSA-2026:11336"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11649 vom 2026-04-29",
        "url": "https://access.redhat.com/errata/RHSA-2026:11649"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:11651 vom 2026-04-29",
        "url": "https://access.redhat.com/errata/RHSA-2026:11651"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:12359 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:12359"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2026:12388 vom 2026-04-30",
        "url": "https://access.redhat.com/errata/RHSA-2026:12388"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2026:21436-1 vom 2026-05-04",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/025817.html"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2026:20657-1 vom 2026-05-04",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GOVYWHBP2GJ4JKEUYYSBX76EN3L3ZYNM/"
      }
    ],
    "source_lang": "en-US",
    "title": "FreeRDP: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2026-05-04T22:00:00.000+00:00",
      "generator": {
        "date": "2026-05-05T08:26:33.900+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2026-0880",
      "initial_release_date": "2026-03-25T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2026-03-25T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2026-03-30T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2026-17225, EUVD-2026-17221, EUVD-2026-17223, EUVD-2026-17229, EUVD-2026-17227, EUVD-2026-17235, EUVD-2026-17233, EUVD-2026-17231, EUVD-2026-17237"
        },
        {
          "date": "2026-04-13T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2026-04-16T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Oracle Linux und Red Hat aufgenommen"
        },
        {
          "date": "2026-04-19T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-04-20T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2026-04-21T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-04-23T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2026-04-26T22:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-04-27T22:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-04-28T22:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-03T22:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2026-05-04T22:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von openSUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "13"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c3.24.2",
                "product": {
                  "name": "Open Source FreeRDP \u003c3.24.2",
                  "product_id": "T052194"
                }
              },
              {
                "category": "product_version",
                "name": "3.24.2",
                "product": {
                  "name": "Open Source FreeRDP 3.24.2",
                  "product_id": "T052194-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:freerdp:freerdp:3.24.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeRDP"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-33952",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T052194",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2026-03-25T23:00:00.000+00:00",
      "title": "CVE-2026-33952"
    },
    {
      "cve": "CVE-2026-33977",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T052194",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2026-03-25T23:00:00.000+00:00",
      "title": "CVE-2026-33977"
    },
    {
      "cve": "CVE-2026-33982",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T052194",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2026-03-25T23:00:00.000+00:00",
      "title": "CVE-2026-33982"
    },
    {
      "cve": "CVE-2026-33983",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T052194",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2026-03-25T23:00:00.000+00:00",
      "title": "CVE-2026-33983"
    },
    {
      "cve": "CVE-2026-33984",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T052194",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2026-03-25T23:00:00.000+00:00",
      "title": "CVE-2026-33984"
    },
    {
      "cve": "CVE-2026-33985",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T052194",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2026-03-25T23:00:00.000+00:00",
      "title": "CVE-2026-33985"
    },
    {
      "cve": "CVE-2026-33986",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T052194",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2026-03-25T23:00:00.000+00:00",
      "title": "CVE-2026-33986"
    },
    {
      "cve": "CVE-2026-33987",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T052194",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2026-03-25T23:00:00.000+00:00",
      "title": "CVE-2026-33987"
    },
    {
      "cve": "CVE-2026-33995",
      "product_status": {
        "known_affected": [
          "T002207",
          "67646",
          "T052194",
          "T027843",
          "398363",
          "T004914",
          "T032255",
          "74185"
        ]
      },
      "release_date": "2026-03-25T23:00:00.000+00:00",
      "title": "CVE-2026-33995"
    }
  ]
}

CVE-2026-33984 (GCVE-0-2026-33984)

Vulnerability from cvelistv5 – Published: 2026-03-30 21:42 – Updated: 2026-04-02 12:57

Title

FreeRDP: ClearCodec resize_vbar_entry() Heap OOB Write

Summary

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry->size is updated to vBarEntry->count before the winpr_aligned_recalloc() call. If realloc fails, size is inflated while pixels still points to the old, smaller buffer. On a subsequent call where count <= size (the inflated value), realloc is skipped. The caller then writes count * bpp bytes of attacker-controlled pixel data into the undersized buffer, causing a heap buffer overflow. This issue has been patched in version 3.24.2.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow
CWE-131 - Incorrect Calculation of Buffer Size

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/FreeRDP/FreeRDP/security/advis…	x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/dc7fdb1…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FreeRDP	FreeRDP	Affected: < 3.24.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33984",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T03:55:56.355506Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T12:57:14.482Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeRDP",
          "vendor": "FreeRDP",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.24.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in resize_vbar_entry() in libfreerdp/codec/clear.c, vBarEntry-\u003esize is updated to vBarEntry-\u003ecount before the winpr_aligned_recalloc() call. If realloc fails, size is inflated while pixels still points to the old, smaller buffer. On a subsequent call where count \u003c= size (the inflated value), realloc is skipped. The caller then writes count * bpp bytes of attacker-controlled pixel data into the undersized buffer, causing a heap buffer overflow. This issue has been patched in version 3.24.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131: Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T21:42:57.090Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8469-2xcx-frf6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8469-2xcx-frf6"
        },
        {
          "name": "https://github.com/FreeRDP/FreeRDP/commit/dc7fdb165095139be779a4000199bc1706b06ad5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/commit/dc7fdb165095139be779a4000199bc1706b06ad5"
        }
      ],
      "source": {
        "advisory": "GHSA-8469-2xcx-frf6",
        "discovery": "UNKNOWN"
      },
      "title": "FreeRDP: ClearCodec resize_vbar_entry() Heap OOB Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33984",
    "datePublished": "2026-03-30T21:42:57.090Z",
    "dateReserved": "2026-03-24T22:20:06.211Z",
    "dateUpdated": "2026-04-02T12:57:14.482Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33983 (GCVE-0-2026-33983)

Vulnerability from cvelistv5 – Published: 2026-03-30 21:42 – Updated: 2026-03-31 15:32

Title

FreeRDP: Progressive Codec Quant BYTE Underflow - UB + CPU DoS

Summary

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a mismatch via progressive_rfx_quant_cmp_equal() but only emits WLog_WARN, execution continues. The wrapped value (247) is used as a shift exponent, causing undefined behavior and an approximately 80 billion iteration loop (CPU DoS). This issue has been patched in version 3.24.2.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE

CWE-190 - Integer Overflow or Wraparound
CWE-252 - Unchecked Return Value

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/FreeRDP/FreeRDP/security/advis…	x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/78188ab…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FreeRDP	FreeRDP	Affected: < 3.24.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33983",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-31T15:31:53.424436Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-31T15:32:05.510Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeRDP",
          "vendor": "FreeRDP",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.24.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a mismatch via progressive_rfx_quant_cmp_equal() but only emits WLog_WARN, execution continues. The wrapped value (247) is used as a shift exponent, causing undefined behavior and an approximately 80 billion iteration loop (CPU DoS). This issue has been patched in version 3.24.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-190",
              "description": "CWE-190: Integer Overflow or Wraparound",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252: Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T21:42:27.798Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gfm-4p52-h478",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4gfm-4p52-h478"
        },
        {
          "name": "https://github.com/FreeRDP/FreeRDP/commit/78188ab479c8e6eb9ba2475b3732c76b4bbe5425",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/commit/78188ab479c8e6eb9ba2475b3732c76b4bbe5425"
        }
      ],
      "source": {
        "advisory": "GHSA-4gfm-4p52-h478",
        "discovery": "UNKNOWN"
      },
      "title": "FreeRDP: Progressive Codec Quant BYTE Underflow - UB + CPU DoS"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33983",
    "datePublished": "2026-03-30T21:42:27.798Z",
    "dateReserved": "2026-03-24T22:20:06.210Z",
    "dateUpdated": "2026-03-31T15:32:05.510Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33952 (GCVE-0-2026-33952)

Vulnerability from cvelistv5 – Published: 2026-03-30 21:42 – Updated: 2026-04-02 14:11

Title

FreeRDP: DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks

Summary

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(), causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABRT. This is a pre-authentication denial of service affecting all FreeRDP clients using RPC-over-HTTP gateway transport. The assertion is active in default release builds (WITH_VERBOSE_WINPR_ASSERT=ON). This issue has been patched in version 3.24.2.

Severity ?

6 (Medium)


                        
                          CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-617 - Reachable Assertion

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/FreeRDP/FreeRDP/security/advis…	x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/4ac0b64…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FreeRDP	FreeRDP	Affected: < 3.24.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-33952",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T14:11:12.430413Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T14:11:49.575Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeRDP",
          "vendor": "FreeRDP",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.24.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(), causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABRT. This is a pre-authentication denial of service affecting all FreeRDP clients using RPC-over-HTTP gateway transport. The assertion is active in default release builds (WITH_VERBOSE_WINPR_ASSERT=ON). This issue has been patched in version 3.24.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617: Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T21:42:00.473Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93"
        },
        {
          "name": "https://github.com/FreeRDP/FreeRDP/commit/4ac0b6467d371a1ad47c1f751c5b305e4c068adb",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/commit/4ac0b6467d371a1ad47c1f751c5b305e4c068adb"
        }
      ],
      "source": {
        "advisory": "GHSA-4v4p-9v5x-hc93",
        "discovery": "UNKNOWN"
      },
      "title": "FreeRDP: DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33952",
    "datePublished": "2026-03-30T21:42:00.473Z",
    "dateReserved": "2026-03-24T19:50:52.106Z",
    "dateUpdated": "2026-04-02T14:11:49.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33985 (GCVE-0-2026-33985)

Vulnerability from cvelistv5 – Published: 2026-03-30 21:43 – Updated: 2026-03-31 18:53

Title

FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read

Summary

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2.

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L

CWE

CWE-125 - Out-of-bounds Read
CWE-131 - Incorrect Calculation of Buffer Size

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/FreeRDP/FreeRDP/security/advis…	x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/c49d1ad…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FreeRDP	FreeRDP	Affected: < 3.24.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33985",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-31T18:50:32.422828Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-31T18:53:29.979Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeRDP",
          "vendor": "FreeRDP",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.24.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131: Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T21:43:13.335Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x6gr-8p7h-5h85"
        },
        {
          "name": "https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/commit/c49d1ad43b8c7b32794d0250f2623c2dccd7ef25"
        }
      ],
      "source": {
        "advisory": "GHSA-x6gr-8p7h-5h85",
        "discovery": "UNKNOWN"
      },
      "title": "FreeRDP: ClearCodec Glyph Cache Count Desync - Heap OOB Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33985",
    "datePublished": "2026-03-30T21:43:13.335Z",
    "dateReserved": "2026-03-24T22:20:06.211Z",
    "dateUpdated": "2026-03-31T18:53:29.979Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33986 (GCVE-0-2026-33986)

Vulnerability from cvelistv5 – Published: 2026-03-30 21:43 – Updated: 2026-04-01 03:55

Title

FreeRDP: H.264 YUV Buffer Dimension Desync - Heap OOB Write

Summary

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the reallocation loop. If any winpr_aligned_recalloc() call fails, the function returns FALSE but width/height are already inflated. This issue has been patched in version 3.24.2.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow
CWE-131 - Incorrect Calculation of Buffer Size

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/FreeRDP/FreeRDP/security/advis…	x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/f6e43e2…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FreeRDP	FreeRDP	Affected: < 3.24.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33986",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-31T00:00:00+00:00",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-01T03:55:16.088Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeRDP",
          "vendor": "FreeRDP",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.24.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264-\u003ewidth and h264-\u003eheight are updated before the reallocation loop. If any winpr_aligned_recalloc() call fails, the function returns FALSE but width/height are already inflated. This issue has been patched in version 3.24.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131: Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T21:43:21.951Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h6qw-wxvm-hf97",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h6qw-wxvm-hf97"
        },
        {
          "name": "https://github.com/FreeRDP/FreeRDP/commit/f6e43e208958140074ae9bb93cd0c9045a371c77",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/commit/f6e43e208958140074ae9bb93cd0c9045a371c77"
        }
      ],
      "source": {
        "advisory": "GHSA-h6qw-wxvm-hf97",
        "discovery": "UNKNOWN"
      },
      "title": "FreeRDP: H.264 YUV Buffer Dimension Desync - Heap OOB Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33986",
    "datePublished": "2026-03-30T21:43:21.951Z",
    "dateReserved": "2026-03-24T22:20:06.211Z",
    "dateUpdated": "2026-04-01T03:55:16.088Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33987 (GCVE-0-2026-33987)

Vulnerability from cvelistv5 – Published: 2026-03-30 21:43 – Updated: 2026-03-31 15:32

Title

FreeRDP: Persistent Cache bmpSize Desync - Heap OOB Write

Summary

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent->bmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This issue has been patched in version 3.24.2.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CWE

CWE-122 - Heap-based Buffer Overflow
CWE-131 - Incorrect Calculation of Buffer Size

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/FreeRDP/FreeRDP/security/advis…	x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/1a890eb…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FreeRDP	FreeRDP	Affected: < 3.24.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33987",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-31T15:32:34.486052Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-31T15:32:44.898Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeRDP",
          "vendor": "FreeRDP",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.24.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in persistent_cache_read_entry_v3() in libfreerdp/cache/persistent.c, persistent-\u003ebmpSize is updated before winpr_aligned_recalloc(). If realloc fails, bmpSize is inflated while bmpData points to the old buffer. This issue has been patched in version 3.24.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-131",
              "description": "CWE-131: Incorrect Calculation of Buffer Size",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T21:43:39.943Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ff8h-p5vc-wcwc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-ff8h-p5vc-wcwc"
        },
        {
          "name": "https://github.com/FreeRDP/FreeRDP/commit/1a890eb43492b5eb707cb3dd6fc908f696e8fc1c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/commit/1a890eb43492b5eb707cb3dd6fc908f696e8fc1c"
        }
      ],
      "source": {
        "advisory": "GHSA-ff8h-p5vc-wcwc",
        "discovery": "UNKNOWN"
      },
      "title": "FreeRDP: Persistent Cache bmpSize Desync - Heap OOB Write"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33987",
    "datePublished": "2026-03-30T21:43:39.943Z",
    "dateReserved": "2026-03-24T22:20:06.211Z",
    "dateUpdated": "2026-03-31T15:32:44.898Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33977 (GCVE-0-2026-33977)

Vulnerability from cvelistv5 – Published: 2026-03-30 21:41 – Updated: 2026-03-31 19:09

Title

FreeRDP: DoS via WINPR_ASSERT in IMA ADPCM audio decoder (dsp.c:331)

Summary

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (>= 89). The unvalidated step index is read directly from the network and used to index into a 89-entry lookup table, triggering a WINPR_ASSERT() failure and process abort via SIGABRT. This affects any FreeRDP client that has audio redirection (RDPSND) enabled, which is the default configuration. This issue has been patched in version 3.24.2.

Severity ?

6.9 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CWE

CWE-617 - Reachable Assertion

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/FreeRDP/FreeRDP/security/advis…	x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/9be3f03…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FreeRDP	FreeRDP	Affected: < 3.24.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33977",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-31T18:38:45.941200Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-31T19:09:29.001Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeRDP",
          "vendor": "FreeRDP",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.24.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (\u003e= 89). The unvalidated step index is read directly from the network and used to index into a 89-entry lookup table, triggering a WINPR_ASSERT() failure and process abort via SIGABRT. This affects any FreeRDP client that has audio redirection (RDPSND) enabled, which is the default configuration. This issue has been patched in version 3.24.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-617",
              "description": "CWE-617: Reachable Assertion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T21:41:36.853Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5"
        },
        {
          "name": "https://github.com/FreeRDP/FreeRDP/commit/9be3f03d94a50892fd58a9f7dee72b2313c69b47",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/commit/9be3f03d94a50892fd58a9f7dee72b2313c69b47"
        }
      ],
      "source": {
        "advisory": "GHSA-8f2g-3q27-6xm5",
        "discovery": "UNKNOWN"
      },
      "title": "FreeRDP: DoS via WINPR_ASSERT in IMA ADPCM audio decoder (dsp.c:331)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33977",
    "datePublished": "2026-03-30T21:41:36.853Z",
    "dateReserved": "2026-03-24T22:20:06.210Z",
    "dateUpdated": "2026-03-31T19:09:29.001Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33982 (GCVE-0-2026-33982)

Vulnerability from cvelistv5 – Published: 2026-03-30 21:42 – Updated: 2026-03-31 14:07

Title

FreeRDP: Persistent Cache Allocator Mismatch - Heap OOB Read

Summary

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc(). This issue has been patched in version 3.24.2.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CWE

CWE-125 - Out-of-bounds Read

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/FreeRDP/FreeRDP/security/advis…	x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/a48dbde…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FreeRDP	FreeRDP	Affected: < 3.24.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33982",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-31T14:07:28.284352Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-31T14:07:35.702Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeRDP",
          "vendor": "FreeRDP",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.24.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc(). This issue has been patched in version 3.24.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125: Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T21:42:11.982Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8jm9-2925-g4v2"
        },
        {
          "name": "https://github.com/FreeRDP/FreeRDP/commit/a48dbde2c8a5b8b70a9d1c045d969a71afd6284c",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/commit/a48dbde2c8a5b8b70a9d1c045d969a71afd6284c"
        }
      ],
      "source": {
        "advisory": "GHSA-8jm9-2925-g4v2",
        "discovery": "UNKNOWN"
      },
      "title": "FreeRDP: Persistent Cache Allocator Mismatch - Heap OOB Read"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33982",
    "datePublished": "2026-03-30T21:42:11.982Z",
    "dateReserved": "2026-03-24T22:20:06.210Z",
    "dateUpdated": "2026-03-31T14:07:35.702Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33995 (GCVE-0-2026-33995)

Vulnerability from cvelistv5 – Published: 2026-03-30 21:43 – Updated: 2026-04-02 14:13

Title

FreeRDP: Possible double free in kerberos_AcceptSecurityContext

Summary

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP clients on systems where Kerberos and/or Kerberos U2U is configured (Samba AD member, or krb5 for NFS). The crash is triggered during NLA connection teardown and requires a failed authentication attempt. This issue has been patched in version 3.24.2.

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE

CWE-415 - Double Free

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/FreeRDP/FreeRDP/security/advis…	x_refsource_CONFIRM
https://github.com/FreeRDP/FreeRDP/commit/8078b8a…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
FreeRDP	FreeRDP	Affected: < 3.24.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-33995",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-02T14:12:44.001128Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-02T14:13:21.632Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeRDP",
          "vendor": "FreeRDP",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.24.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP clients on systems where Kerberos and/or Kerberos U2U is configured (Samba AD member, or krb5 for NFS). The crash is triggered during NLA connection teardown and requires a failed authentication attempt. This issue has been patched in version 3.24.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "CWE-415: Double Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-30T21:43:49.873Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx"
        },
        {
          "name": "https://github.com/FreeRDP/FreeRDP/commit/8078b8af1359055972e4fb2f509f543b69169391",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FreeRDP/FreeRDP/commit/8078b8af1359055972e4fb2f509f543b69169391"
        }
      ],
      "source": {
        "advisory": "GHSA-mv25-f4p2-5mxx",
        "discovery": "UNKNOWN"
      },
      "title": "FreeRDP: Possible double free in kerberos_AcceptSecurityContext"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2026-33995",
    "datePublished": "2026-03-30T21:43:49.873Z",
    "dateReserved": "2026-03-24T22:20:06.212Z",
    "dateUpdated": "2026-04-02T14:13:21.632Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2026-0880

CVE-2026-33984 (GCVE-0-2026-33984)

CVE-2026-33983 (GCVE-0-2026-33983)

CVE-2026-33952 (GCVE-0-2026-33952)

CVE-2026-33985 (GCVE-0-2026-33985)

CVE-2026-33986 (GCVE-0-2026-33986)

CVE-2026-33987 (GCVE-0-2026-33987)

CVE-2026-33977 (GCVE-0-2026-33977)

CVE-2026-33982 (GCVE-0-2026-33982)

CVE-2026-33995 (GCVE-0-2026-33995)

Tags

Sightings

Nomenclature