{"id":"CVE-2026-33995","summary":"FreeRDP: Possible double free in kerberos_AcceptSecurityContext","details":"FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a double-free vulnerability in kerberos_AcceptSecurityContext() and kerberos_InitializeSecurityContextA() (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c) can cause a crash in any FreeRDP client on systems where Kerberos and/or Kerberos U2U is configured (Samba AD member, or krb5 for NFS). The crash is triggered during NLA connection teardown and requires a failed authentication attempt. This issue has been patched in version 3.24.2.","aliases":["GHSA-mv25-f4p2-5mxx"],"modified":"2026-05-30T05:47:33.628187Z","published":"2026-03-30T21:43:49.873Z","related":["SUSE-SU-2026:21436-1","openSUSE-SU-2026:10633-1","openSUSE-SU-2026:20657-1"],"database_specific":{"unresolved_ranges":[{"source":"AFFECTED_FIELD","extracted_events":[{"fixed":"3.24.2"}]}],"cwe_ids":["CWE-415"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33995.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/33xxx/CVE-2026-33995.json"},{"type":"ADVISORY","url":"https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mv25-f4p2-5mxx"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33995"},{"type":"FIX","url":"https://github.com/FreeRDP/FreeRDP/commit/8078b8af1359055972e4fb2f509f543b69169391"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/freerdp/freerdp","events":[{"introduced":"0"},{"fixed":"8078b8af1359055972e4fb2f509f543b69169391"}],"database_specific":{"source":"REFERENCES"}}],"versions":["3.5.1","3.5.0","3.4.0","3.3.0","3.2.0","3.1.0","3.0.0","3.0.0-rc0","3.0.0-beta4","3.0.0-beta3","3.0.0-beta2","3.0.0-beta1","2.0.0","2.0.0-rc4","2.0.0-rc3","2.0.0-rc2","2.0.0-rc1","2.0.0-rc0","2.0.0-beta1+android11","2.0.0-beta1+android10","1.2.0-beta1
+android9","1.2.0-beta1+android7","1.1.0-beta+2013071101","1.1.0-beta1+ios4","1.1.0-beta1+android5","1.1.0-beta1+android4","1.1.0-beta1+ios3","1.1.0-beta1+ios2","1.1.0-beta1+android3","1.1.0-beta1+android2","1.1.0-beta1+ios1","1.1.0-beta1","1.0.1","1.0.0","1.0-beta5","1.0-beta4","1.0-beta2","1.0-beta1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-33995.json","vanir_signatures":[{"source":"https://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"file":"winpr/libwinpr/sspi/Kerberos/kerberos.c","function":"kerberos_AcceptSecurityContext"},"signature_version":"v1","id":"CVE-2026-33995-161a9362","digest":{"length":3973,"function_hash":"238143633398654507201364296480508618014"},"signature_type":"Function","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"file":"winpr/libwinpr/sspi/Negotiate/negotiate.c","function":"negotiate_FreeCredentialsHandle"},"signature_version":"v1","id":"CVE-2026-33995-260f128b","digest":{"length":484,"function_hash":"312975627917680012793500774217019728641"},"signature_type":"Function","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"file":"winpr/libwinpr/sspi/CredSSP/credssp.c","function":"credssp_FreeCredentialsHandle"},"signature_version":"v1","id":"CVE-2026-33995-3c79d95f","digest":{"length":229,"function_hash":"16460176233854723599019559371890470914"},"signature_type":"Function","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"file":"winpr/libwinpr/sspi/Schannel/schannel.c","function":"schannel_FreeCredentialsHandle"},"signature_version":"v1","id":"CVE-2026-33995-3ce635a9","digest":{"length":229,"function_hash":"16460176233854723599019559371890470914"},"signature_type":"Function","deprecated":false},{"source":"htt
ps://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"file":"winpr/libwinpr/sspi/Kerberos/kerberos.c","function":"kerberos_DeleteSecurityContext"},"signature_version":"v1","id":"CVE-2026-33995-3f8edbd1","digest":{"length":232,"function_hash":"177960452924703698948711258227703233096"},"signature_type":"Function","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"file":"winpr/libwinpr/sspi/Kerberos/kerberos.c"},"signature_version":"v1","id":"CVE-2026-33995-477fa492","digest":{"line_hashes":["262384228994036741267596322074289783304","44713147992728901224039320609358232665","317061882807920244834538611541761602424","118286855659044064715724574385624829211","120219651845039694781725571453721331439","340029966915400193181222903227493501751","221756639051125272987419931170346759470","156493476000878147792699242446591243723","87729099995235669254526246669532611619","116195470648629495645339880141355755496","114101761015448695539346022644281860506","137925516451185157891697666782910161588","87729099995235669254526246669532611619","116195470648629495645339880141355755496","114101761015448695539346022644281860506","137925516451185157891697666782910161588","135876109701616092981338147401315817848","68696619462828060059235289220670123533","291369659098184709707573265131911580394","329504801360601742214308551515745897397"],"threshold":0.9},"signature_type":"Line","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"file":"winpr/libwinpr/sspi/Negotiate/negotiate.c","function":"negotiate_DeleteSecurityContext"},"signature_version":"v1","id":"CVE-2026-33995-50325d3b","digest":{"length":479,"function_hash":"159202808559067838327507011753189010490"},"signature_type":"Function","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"f
ile":"winpr/libwinpr/sspi/CredSSP/credssp.c"},"signature_version":"v1","id":"CVE-2026-33995-9fa89f9a","digest":{"line_hashes":["155618103437202111015196121196122035757","208393315365646318519286492273527623358","51121835483873009323390560717878735562","19594250912936460678934258197704730651","298992074853845437168973997844400800362","87117939474956572334842565037648613803","311926563937540730399758660109441563215"],"threshold":0.9},"signature_type":"Line","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"file":"winpr/libwinpr/sspi/Schannel/schannel.c","function":"schannel_DeleteSecurityContext"},"signature_version":"v1","id":"CVE-2026-33995-ae21c066","digest":{"length":184,"function_hash":"73069159185102437173371335106099634666"},"signature_type":"Function","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"file":"winpr/libwinpr/sspi/NTLM/ntlm.c","function":"ntlm_DeleteSecurityContext"},"signature_version":"v1","id":"CVE-2026-33995-bb01c6a6","digest":{"length":125,"function_hash":"3127222078057907555886163133155380257"},"signature_type":"Function","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"file":"winpr/libwinpr/sspi/Negotiate/negotiate.c"},"signature_version":"v1","id":"CVE-2026-33995-bc2e9acd","digest":{"line_hashes":["167133739886790516573498472974564369680","196988759073018240227519413923696896605","222018742498755029179130520883305300472","112116320735740223359353239064320513235","143840401904356889225110113909836303960","212732355478378066596513626510156007050","148706350194904462512333259513127409022","38288882237048424293801091197969888901","206818454688816751546799778867917761383","254915871516930349072344255301535032657"],"threshold":0.9},"signature_type":"Line","deprecated":false},{"source":"https://github.com/freerdp/freerdp/
commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"file":"winpr/libwinpr/sspi/Kerberos/kerberos.c","function":"kerberos_FreeCredentialsHandle"},"signature_version":"v1","id":"CVE-2026-33995-bcdb7053","digest":{"length":246,"function_hash":"151440993470553687071812792292281353800"},"signature_type":"Function","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"file":"winpr/libwinpr/sspi/NTLM/ntlm.c","function":"ntlm_FreeCredentialsHandle"},"signature_version":"v1","id":"CVE-2026-33995-c6e6175e","digest":{"length":213,"function_hash":"33810627702256896976508561385029533524"},"signature_type":"Function","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"file":"winpr/libwinpr/sspi/Kerberos/kerberos.c","function":"kerberos_InitializeSecurityContextA"},"signature_version":"v1","id":"CVE-2026-33995-d33542d4","digest":{"length":6308,"function_hash":"307812585918943996971558320392981377767"},"signature_type":"Function","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","target":{"file":"winpr/libwinpr/sspi/Schannel/schannel.c"},"signature_version":"v1","id":"CVE-2026-33995-de8762ab","digest":{"line_hashes":["217586671321554574065959413365611393968","308582910469320627012927898922844089219","100166094569979141808765323516169208787","41095444624887877047891693996250538800","311441037002487662481739116322233356500","299269439459581963254589561313877265661","175618416166413878980166313439706213259","260846052665685233760030346720121640987","202748697251186895252788779605631909172","318848311342423097599802697677580419778","283874301775982079606497583352365769128","132657907370772565903691877750266405233"],"threshold":0.9},"signature_type":"Line","deprecated":false},{"source":"https://github.com/freerdp/freerdp/commit/8078b8af1359055972e4fb2f509f543b69169391","t
arget":{"file":"winpr/libwinpr/sspi/NTLM/ntlm.c"},"signature_version":"v1","id":"CVE-2026-33995-fbd7e824","digest":{"line_hashes":["27499655661146415658839517238247150353","311118092638390291722404035300917828565","116039324683008459574054061619094612054","128316517213267724743230035612824363774","220083994263434457384144194219609688333","129318752196716762278984930001337910995","228282260635999545426479861027628897699"],"threshold":0.9},"signature_type":"Line","deprecated":false}],"vanir_signatures_modified":"2026-05-30T05:47:33Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}