FreeRDP Kerberos Double-Free Vulnerability Leading to Crash

Vulnerability

A double-free vulnerability has been identified in FreeRDP versions prior to 3.24.2, specifically within the Kerberos security context functions. It can crash FreeRDP clients on systems where Kerberos is configured, such as Samba Active Directory members or hosts using krb5 for NFS. The second free happens during Network Level Authentication (NLA) connection teardown after a failed authentication attempt, and it is that teardown that triggers the crash. The vulnerability was introduced with Kerberos support in FreeRDP 3.x and is present in all 3.x releases with Kerberos enabled.
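
The pattern described above, as an added illustration that is not FreeRDP's own code: a Kerberos-style security context whose credential buffer is released on the failed-authentication path and then again by the generic NLA teardown. The struct, function names and the instrumented release routine are hypothetical; the instrumentation counts the second release instead of letting it corrupt the heap.

```c
/* Added illustration, not FreeRDP's own code: models a Kerberos-style security
 * context torn down after a failed NLA authentication. The struct, function names
 * and the instrumented release routine are hypothetical. */
#include <stdlib.h>
#include <string.h>

typedef struct {
    unsigned char *ticket;  /* heap buffer owned by the context */
    int ticket_freed;       /* instrumentation only: detects a second release safely */
} krb_ctx_t;
static int g_double_frees;  /* how many second releases were attempted */

/* A real free() the first time; afterwards a counted fault instead of the
 * undefined behaviour (heap corruption or crash) a genuine second free() causes. */
static void release_ticket(krb_ctx_t *ctx) {
    if (ctx->ticket_freed) { g_double_frees++; return; }
    free(ctx->ticket);
    ctx->ticket_freed = 1;
}

static krb_ctx_t *ctx_new(void) {
    krb_ctx_t *ctx = calloc(1, sizeof *ctx);
    ctx->ticket = malloc(64);
    memset(ctx->ticket, 0x41, 64);  /* constructed dummy ticket bytes; no OOM handling */
    return ctx;
}

/* Vulnerable pattern: the failed-auth path releases the ticket but leaves the
 * pointer set, so the generic teardown releases the same buffer again. */
static void nla_teardown_vulnerable(krb_ctx_t *ctx, int auth_ok) {
    if (!auth_ok) release_ticket(ctx);       /* 1st release, pointer left dangling */
    if (ctx->ticket) release_ticket(ctx);    /* teardown: 2nd release of same buffer */
    free(ctx);
}

/* Hardened pattern: whoever releases the buffer also clears the pointer, so the
 * teardown's NULL check turns the second call into a no-op. */
static void nla_teardown_fixed(krb_ctx_t *ctx, int auth_ok) {
    if (!auth_ok) { release_ticket(ctx); ctx->ticket = NULL; }
    if (ctx->ticket) { release_ticket(ctx); ctx->ticket = NULL; }
    free(ctx);
}

/* Runs the failed-authentication scenario; returns the number of double frees seen. */
int run_failed_auth(int use_fixed) {
    krb_ctx_t *ctx = ctx_new();
    g_double_frees = 0;
    if (use_fixed) nla_teardown_fixed(ctx, 0); else nla_teardown_vulnerable(ctx, 0);
    return g_double_frees;
}
```

Building the same scenario with AddressSanitizer (`-fsanitize=address`) and a plain second `free()` in place of the instrumented routine reports the defect as a double-free at the teardown call site.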

Impact

Triggering this vulnerability produces a heap double-free, which crashes the FreeRDP client. Heap vulnerabilities of this class can, under certain conditions, also be leveraged to execute arbitrary code.

Remediation

Users can upgrade to FreeRDP version 3.24.2 or later to address this vulnerability.

Added: Mar 30, 2026, 10:23 PM
Updated: Mar 30, 2026, 10:23 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 2.5
exploitability: 5.0
remediation: 7.7
relevance: 4.9
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.