Primary

Context

FreeRDP NULL Pointer Dereference Vulnerability in LogonInfoV2 Handling Allowing Denial-of-Service

Vulnerability

Patched

A NULL pointer dereference vulnerability has been identified in FreeRDP versions prior to 3.22.0. The issue arises in the 'rdp_write_logon_info_v2()' function, where a malicious RDP server can cause FreeRDP proxy to crash. This is achieved by sending a specially crafted LogonInfoV2 PDU with 'cbDomain=0' or 'cbUserName=0'. The vulnerability exists because the 'rdp_info_read_string()' function can return a NULL pointer without proper validation, leading to a crash when FreeRDP proxy attempts to process the information.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, where the FreeRDP proxy process crashes. This disruption affects all clients using the impacted proxy instance.

Remediation

Users can upgrade to FreeRDP version 3.22.0 or later to address this vulnerability.

Added: Feb 9, 2026, 7:27 PM

Updated: Feb 9, 2026, 10:05 PM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

5.0

remediation

7.7

relevance

2.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

2.5

exploitability

5.0

remediation

7.7

relevance

2.6

threat

3.2

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

FreeRDP NULL Pointer Dereference Vulnerability in LogonInfoV2 Handling Allowing Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

FreeRDP

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating