CVE-2026-33995 in FreeRDP
Resumen (Inglés)
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP clients on systems where Kerberos and/or Kerberos U2U is configured (Samba AD member, or krb5 for NFS). The crash is triggered during NLA connection teardown and requires a failed authentication attempt. This issue has been patched in version 3.24.2.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Responsable
GitHub_M
Reservar
2026-03-24
Divulgación
2026-03-31
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 354280 | FreeRDP kerberos.c kerberos_AcceptSecurityContext desbordamiento de búfer | 415 | No está definido | Arreglo oficial | CVE-2026-33995 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV