Skip to main content

Red Hat CVE-2026-33995

| EUVDEUVD-2026-17237 MEDIUM
Double Free (CWE-415)
2026-03-30 GitHub_M
5.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Ubuntu
MEDIUM
qualitative
SUSE
MEDIUM
qualitative
Red Hat
5.3 MEDIUM
qualitative

Primary rating from GitHub Advisory.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 30, 2026 - 22:15 euvd
EUVD-2026-17237
Analysis Generated
Mar 30, 2026 - 22:15 vuln.today
CVE Published
Mar 30, 2026 - 21:43 nvd
MEDIUM 5.3

DescriptionGitHub Advisory

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP clients on systems where Kerberos and/or Kerberos U2U is configured (Samba AD member, or krb5 for NFS). The crash is triggered during NLA connection teardown and requires a failed authentication attempt. This issue has been patched in version 3.24.2.

AnalysisAI

FreeRDP prior to version 3.24.2 contains a double-free vulnerability in Kerberos authentication handling that crashes FreeRDP clients during NLA connection teardown following failed authentication attempts on systems with Kerberos configured. The vulnerability affects all versions before 3.24.2 across multiple Linux distributions (Debian, Ubuntu) and requires network access but no authentication credentials, presenting a denial-of-service vector against RDP clients in enterprise environments using Kerberos or Kerberos U2U authentication. No public exploit code has been identified, and the impact is limited to availability (denial of service) rather than confidentiality or integrity.

Technical ContextAI

The vulnerability exists in WinPR's SSPI (Security Support Provider Interface) Kerberos implementation, specifically in the kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() functions located in winpr/libwinpr/sspi/Kerberos/kerberos.c. The root cause is a double-free memory management error (CWE-415), where memory is freed more than once during the cleanup phase of failed Kerberos authentication exchanges. This occurs in the NLA (Network Level Authentication) teardown sequence when authentication fails, affecting FreeRDP clients on systems where Kerberos authentication is enabled, including Samba AD member servers and systems using krb5 for network file system (NFS) authentication. The vulnerability is triggered specifically during connection termination after a failed authentication attempt, not during normal successful authentication flows.

RemediationAI

Upgrade FreeRDP to version 3.24.2 or later to resolve the double-free vulnerability. Vendor-released patch: FreeRDP 3.24.2. Users should prioritize patching on systems where Kerberos authentication is configured and FreeRDP clients are deployed. For Ubuntu, security updates are available through standard package repositories (ubuntu.com), and for Debian, updates are available through the Debian Security Team. No workarounds exist to prevent the crash without patching; the vulnerability can only be mitigated by restricting RDP client access or disabling NLA-based connections on affected systems. Refer to the GitHub security advisory (https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx) and the upstream commit (https://github.com/FreeRDP/FreeRDP/commit/8078b8af1359055972e4fb2f509f543b69169391) for technical details and patch verification.

Vendor StatusVendor

Ubuntu

Priority: Medium
freerdp
Release Status Version
xenial needs-triage -
bionic needs-triage -
jammy DNE -
noble DNE -
questing DNE -
upstream needs-triage -
freerdp2
Release Status Version
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble needs-triage -
questing DNE -
upstream needs-triage -
freerdp3
Release Status Version
jammy DNE -
noble needs-triage -
questing needs-triage -
upstream needs-triage -

Debian

freerdp2
Release Status Fixed Version Urgency
bullseye vulnerable 2.3.0+dfsg1-2+deb11u1 -
bullseye (security) vulnerable 2.3.0+dfsg1-2+deb11u3 -
bookworm vulnerable 2.11.7+dfsg1-6~deb12u1 -
(unstable) fixed (unfixed) -
freerdp3
Release Status Fixed Version Urgency
trixie vulnerable 3.15.0+dfsg-2.1 -
forky, sid fixed 3.24.2+dfsg-1 -
(unstable) fixed 3.24.2+dfsg-1 -

SUSE

Severity: Medium
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

CVE-2026-33995 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy