Skip to main content

Red Hat CVE-2026-33952

| EUVDEUVD-2026-17221 MEDIUM
Reachable Assertion (CWE-617)
2026-03-30 GitHub_M
6.0
CVSS 4.0 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Ubuntu
MEDIUM
qualitative
SUSE
6.5 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Red Hat
6.5 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 30, 2026 - 22:15 euvd
EUVD-2026-17221
Analysis Generated
Mar 30, 2026 - 22:15 vuln.today
CVE Published
Mar 30, 2026 - 21:42 nvd
MEDIUM 6.0

DescriptionGitHub Advisory

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(), causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABRT. This is a pre-authentication denial of service affecting all FreeRDP clients using RPC-over-HTTP gateway transport. The assertion is active in default release builds (WITH_VERBOSE_WINPR_ASSERT=ON). This issue has been patched in version 3.24.2.

AnalysisAI

FreeRDP clients before version 3.24.2 crash with SIGABRT when connecting through a malicious RDP Gateway due to an unvalidated auth_length field triggering a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(). This pre-authentication denial of service affects all FreeRDP clients using RPC-over-HTTP gateway transport, regardless of user authentication status. The vulnerability has been patched in version 3.24.2.

Technical ContextAI

FreeRDP implements the Remote Desktop Protocol (RDP) for remote desktop client functionality. The vulnerability exists in the RPC-over-HTTP gateway transport layer, specifically in the auth_verifier parsing code path (rts_read_auth_verifier_no_checks()). The root cause is a lack of validation on the auth_length field read from untrusted network data before it is processed. CWE-617 (Reachable Assertion) indicates that an assertion statement (WINPR_ASSERT) is reachable by an attacker-controlled code path. This assertion is enabled by default in release builds when WITH_VERBOSE_WINPR_ASSERT=ON, causing the entire FreeRDP process to abort immediately rather than gracefully handling the malformed input. The affected CPE pattern cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:* indicates all FreeRDP application versions before the patch are vulnerable.

RemediationAI

Vendor-released patch: FreeRDP version 3.24.2 or later. Users should upgrade FreeRDP to version 3.24.2 or any subsequent release to fix the auth_length validation issue. For systems unable to immediately upgrade, organizations should restrict RDP Gateway traffic from untrusted sources and ensure FreeRDP clients only connect through verified, trusted gateways. Debian and Ubuntu users should check their respective package repositories for updated FreeRDP versions and apply system updates. Detailed patch information and security advisory are available at https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93 and the upstream commit at https://github.com/FreeRDP/FreeRDP/commit/4ac0b6467d371a1ad47c1f751c5b305e4c068adb.

Vendor StatusVendor

Ubuntu

Priority: Medium
freerdp
Release Status Version
xenial needs-triage -
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
freerdp2
Release Status Version
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing DNE -
upstream needs-triage -
freerdp3
Release Status Version
jammy DNE -
noble needs-triage -
questing needs-triage -
upstream needs-triage -

Debian

freerdp2
Release Status Fixed Version Urgency
bullseye vulnerable 2.3.0+dfsg1-2+deb11u1 -
bullseye (security) vulnerable 2.3.0+dfsg1-2+deb11u3 -
bookworm vulnerable 2.11.7+dfsg1-6~deb12u1 -
(unstable) fixed (unfixed) -
freerdp3
Release Status Fixed Version Urgency
trixie vulnerable 3.15.0+dfsg-2.1 -
forky, sid fixed 3.24.2+dfsg-1 -
(unstable) fixed 3.24.2+dfsg-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

CVE-2026-33952 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy