CVE-2026-33952

EUVD-2026-17221

30.03.2026, 22:16

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network triggers a WINPR_ASSERT() failure in rts_read_auth_verifier_no_checks(), causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABRT. This is a pre-authentication denial of service affecting all FreeRDP clients using RPC-over-HTTP gateway transport. The assertion is active in default release builds (WITH_VERBOSE_WINPR_ASSERT=ON). This issue has been patched in version 3.24.2.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 28%

Affected Products (NVD)

Vendor	Product	Version
freerdp	freerdp	𝑥 < 3.24.2

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

freerdp2

bookworm	no-dsa
bullseye	vulnerable
bullseye (security)	vulnerable

freerdp3

forky	3.24.2+dfsg-1 fixed
sid	3.26.0+dfsg-1 fixed
trixie	no-dsa

Known Exploits!

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93

Common Weakness Enumeration

CWE-617 - Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Vulnerability Media Exposure

[GERMAN] FreeRDP: Mehrere Schwachstellen
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in FreeRDP ausnutzen, um potenziell beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder andere, nicht näher spezifizierte Angriffe durchzuführen.
Published: 2026-03-25T23:00:00+00:00

References

https://github.com/FreeRDP/FreeRDP/commit/4ac0b6467d371a1ad47c1f751c5b305e4c068adb

https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4v4p-9v5x-hc93