{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33995", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-24T22:20:06.212Z", "datePublished": "2026-03-30T21:43:49.873Z", "dateUpdated": "2026-04-02T14:13:21.632Z"}, "containers": {"cna": {"title": "FreeRDP: Possible double free in kerberos_AcceptSecurityContext", "problemTypes": [{"descriptions": [{"cweId": "CWE-415", "lang": "en", "description": "CWE-415: Double Free", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx"}, {"name": "https://github.com/FreeRDP/FreeRDP/commit/8078b8af1359055972e4fb2f509f543b69169391", "tags": ["x_refsource_MISC"], "url": "https://github.com/FreeRDP/FreeRDP/commit/8078b8af1359055972e4fb2f509f543b69169391"}], "affected": [{"vendor": "FreeRDP", "product": "FreeRDP", "versions": [{"version": "< 3.24.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T21:43:49.873Z"}, "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP clients on systems where Kerberos and/or Kerberos U2U is configured (Samba AD member, or krb5 for NFS). The crash is triggered during NLA connection teardown and requires a failed authentication attempt. This issue has been patched in version 3.24.2."}], "source": {"advisory": "GHSA-mv25-f4p2-5mxx", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-02T14:12:44.001128Z", "id": "CVE-2026-33995", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T14:13:21.632Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33995", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-02T14:12:44.001128Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-02T14:13:18.369Z"}}], "cna": {"title": "FreeRDP: Possible double free in kerberos_AcceptSecurityContext", "source": {"advisory": "GHSA-mv25-f4p2-5mxx", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "FreeRDP", "product": "FreeRDP", "versions": [{"status": "affected", "version": "< 3.24.2"}]}], "references": [{"url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx", "name": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/FreeRDP/FreeRDP/commit/8078b8af1359055972e4fb2f509f543b69169391", "name": "https://github.com/FreeRDP/FreeRDP/commit/8078b8af1359055972e4fb2f509f543b69169391", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP clients on systems where Kerberos and/or Kerberos U2U is configured (Samba AD member, or krb5 for NFS). The crash is triggered during NLA connection teardown and requires a failed authentication attempt. This issue has been patched in version 3.24.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-415", "description": "CWE-415: Double Free"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-30T21:43:49.873Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33995", "state": "PUBLISHED", "dateUpdated": "2026-04-02T14:13:21.632Z", "dateReserved": "2026-03-24T22:20:06.212Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-30T21:43:49.873Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*", "matchCriteriaId": "03FF152C-C651-4586-8958-1555D9797516", "versionEndExcluding": "3.24.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP clients on systems where Kerberos and/or Kerberos U2U is configured (Samba AD member, or krb5 for NFS). The crash is triggered during NLA connection teardown and requires a failed authentication attempt. This issue has been patched in version 3.24.2."}, {"lang": "es", "value": "FreeRDP es una implementaci\u00f3n gratuita del Protocolo de Escritorio Remoto. Antes de la versi\u00f3n 3.24.2, una vulnerabilidad de doble liberaci\u00f3n en kerberos_AcceptSecurityContext() y kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) puede causar un fallo en cualquier cliente de FreeRDP en sistemas donde Kerberos y/o Kerberos U2U est\u00e1 configurado (miembro de Samba AD, o krb5 para NFS). El fallo se desencadena durante la desconexi\u00f3n de la conexi\u00f3n NLA y requiere un intento de autenticaci\u00f3n fallido. Este problema ha sido parcheado en la versi\u00f3n 3.24.2."}], "id": "CVE-2026-33995", "lastModified": "2026-04-01T18:35:09.973", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-30T22:16:20.167", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/FreeRDP/FreeRDP/commit/8078b8af1359055972e4fb2f509f543b69169391"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "FreeRDP: FreeRDP: Denial of Service via double-free vulnerability during NLA connection teardown", "id": "2453222", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453222"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-825", "details": ["FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP clients on systems where Kerberos and/or Kerberos U2U is configured (Samba AD member, or krb5 for NFS). The crash is triggered during NLA connection teardown and requires a failed authentication attempt. This issue has been patched in version 3.24.2.", "A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol. A remote attacker could exploit a double-free vulnerability in the Kerberos security context functions, specifically `kerberos_AcceptSecurityContext()` and `kerberos_InitializeSecurityContextA()`, within the WinPR library. This vulnerability is triggered during the Network Level Authentication (NLA) connection teardown process after a failed authentication attempt. Successful exploitation can lead to a client crash, resulting in a Denial of Service (DoS) for affected FreeRDP clients configured with Kerberos."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-33995", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "freerdp", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-30T21:43:49Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-33995\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-33995\nhttps://github.com/FreeRDP/FreeRDP/commit/8078b8af1359055972e4fb2f509f543b69169391\nhttps://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.24.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "FreeRDP", "source": "cna", "vendor": "FreeRDP"}, "product": "freerdp", "vendor": "freerdp"}], "analysis": {"en": {"generated_at": "2026-03-31T05:57:19.200839+00:00", "value": {"mitigation_remediation": ["Upgrade FreeRDP to version 3.24.2 or later."], "summary": {"action": "Immediate Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The flaw exists in all FreeRDP client releases prior to 3.24.2. It is relevant for installations that use Kerberos or Kerberos U2U authentication, such as systems configured as Samba AD members or using krb5 for NFS mounts. Any affected FreeRDP client on those systems can crash when a failed Kerberos authentication occurs.", "description_and_impact": "The vulnerability is a double\u2011free bug in the Kerberos handling functions of FreeRDP. An attacker who triggers a failed authentication during an NLA session can cause the client to crash. The crash results in a denial\u2011of\u2011service but does not directly compromise confidentiality or integrity. The weakness corresponds to CWE\u2011415: Double Free.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity. EPSS data is unavailable, and the vulnerability is not listed in CISA's KEV catalog. An attacker can exploit the flaw remotely during the NLA handshake; initiating a connection with Kerberos authentication that fails will trigger the double\u2011free and crash the client. The primary consequence is availability degradation for end users."}}}}, "created": "2026-03-31T19:57:06.940849+00:00", "updated": "2026-03-31T20:39:51.412422+00:00", "vendors": ["freerdp", "freerdp$PRODUCT$freerdp"]}