CVE-2026-33995
Double-Free Vulnerability in FreeRDP Kerberos Causes Client Crash
Publication date: 2026-03-30
Last updated on: 2026-04-01
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| freerdp | freerdp | < 3.24.2 (3.24.2 itself is not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-415 | The product calls free() twice on the same memory address. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a double-free issue in FreeRDP versions prior to 3.24.2. It occurs in the kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() functions within the Kerberos implementation. When a failed authentication attempt happens during Network Level Authentication (NLA) connection teardown on systems configured with Kerberos or Kerberos U2U (such as Samba AD members or krb5 for NFS), the double-free can cause the FreeRDP client to crash.
How can this vulnerability impact me?
The primary impact of this vulnerability is that it can cause a crash (denial of service) in FreeRDP clients on affected systems. This crash happens during connection teardown after a failed authentication attempt, potentially disrupting remote desktop sessions and causing service interruptions.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update FreeRDP to version 3.24.2 or later, where the double-free issue in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() has been patched.
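The pattern behind a CWE-415 bug of this kind, and the fix, can be shown with a small self-contained C example. This is an added illustration and is not FreeRDP's code: the `sec_ctx_t` structure and the `sec_ctx_accept_vulnerable()`, `sec_ctx_accept_fixed()` and `sec_ctx_release()` functions are hypothetical and stand in for an authentication routine whose failure path cleans up a buffer that the caller's normal teardown later frees again. The vulnerable function is included only for contrast and is never called; the simulation exercises the hardened form, where cleanup is idempotent so a second release during teardown is a harmless no-op.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified security-context state for illustration only;
   this is not FreeRDP's real structure or code. */
typedef struct {
    char *ticket;       /* heap buffer owned by the context */
    int   established;  /* 1 once authentication succeeded */
} sec_ctx_t;

/* Idempotent release: safe to call on every exit path, including after an
   earlier partial cleanup, because it nulls every pointer it frees. */
void sec_ctx_release(sec_ctx_t *ctx)
{
    if (ctx == NULL)
        return;
    free(ctx->ticket);      /* free(NULL) is a no-op, so repeated calls are harmless */
    ctx->ticket = NULL;
    ctx->established = 0;
}

/* Vulnerable shape (CWE-415): the failure path frees the ticket but leaves the
   dangling pointer in the struct, so the caller's normal teardown
   (sec_ctx_release) frees the same block a second time. Shown for contrast
   only; nothing in this file calls it. */
int sec_ctx_accept_vulnerable(sec_ctx_t *ctx, int auth_ok)
{
    ctx->ticket = malloc(64);
    if (ctx->ticket == NULL)
        return -1;
    strcpy(ctx->ticket, "constructed-ticket");  /* constructed sample data */
    if (!auth_ok) {
        free(ctx->ticket);  /* first free; ctx->ticket still points at freed memory */
        return -1;          /* teardown will free it again */
    }
    ctx->established = 1;
    return 0;
}

/* Hardened form: ownership stays with the context and the failure path goes
   through the idempotent release, so teardown cannot free the block twice. */
int sec_ctx_accept_fixed(sec_ctx_t *ctx, int auth_ok)
{
    ctx->ticket = malloc(64);
    if (ctx->ticket == NULL)
        return -1;
    strcpy(ctx->ticket, "constructed-ticket");  /* constructed sample data */
    if (!auth_ok) {
        sec_ctx_release(ctx);   /* frees once and nulls the pointer */
        return -1;
    }
    ctx->established = 1;
    return 0;
}

/* Simulates a client's connection teardown after a failed authentication
   attempt. Returns 1 when the context ends up fully released with no
   dangling pointer, i.e. the second release was a safe no-op. */
int simulate_failed_auth_teardown(void)
{
    sec_ctx_t ctx = {0};
    int rc = sec_ctx_accept_fixed(&ctx, 0);  /* authentication fails */
    sec_ctx_release(&ctx);                   /* normal teardown path */
    return (rc == -1 && ctx.ticket == NULL && ctx.established == 0) ? 1 : 0;
}

/* Successful session for comparison: context established, then released once. */
int simulate_successful_session(void)
{
    sec_ctx_t ctx = {0};
    int rc = sec_ctx_accept_fixed(&ctx, 1);
    int was_established = ctx.established;
    sec_ctx_release(&ctx);
    return (rc == 0 && was_established == 1 && ctx.ticket == NULL) ? 1 : 0;
}
```

The design point is that every function which frees context-owned memory also clears the pointer that referenced it, and that failure paths reuse the same release routine as normal teardown rather than freeing fields ad hoc. Building with AddressSanitizer (`-fsanitize=address`) and exercising the failed-authentication path is the quickest way to confirm that a teardown sequence like the one described above no longer frees the same block twice.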