CVE-2026-33977

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (>= 89). The unvalidated step index is read directly from the network and used to index into a 89-entry lookup table, triggering a WINPR_ASSERT() failure and process abort via SIGABRT. This affects any FreeRDP client that has audio redirection (RDPSND) enabled, which is the default configuration. This issue has been patched in version 3.24.2.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/FreeRDP/FreeRDP/commit/9be3f03d94a50892fd58a9f7dee72b2313c69b47	Patch
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5	Exploit Mitigation Patch Vendor Advisory
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5	Exploit Mitigation Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:freerdp:freerdp:*:*:*:*:*:*:*:*

History

01 Apr 2026, 20:05

Type	Values Removed	Values Added
References	~~() https://github.com/FreeRDP/FreeRDP/commit/9be3f03d94a50892fd58a9f7dee72b2313c69b47 -~~	() https://github.com/FreeRDP/FreeRDP/commit/9be3f03d94a50892fd58a9f7dee72b2313c69b47 - Patch
References	~~() https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5 -~~	() https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5 - Exploit, Mitigation, Patch, Vendor Advisory
First Time		Freerdp Freerdp freerdp
CPE		cpe:2.3:a:freerdp:freerdp::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

31 Mar 2026, 20:16

Type	Values Removed	Values Added
References	~~() https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5 -~~	() https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8f2g-3q27-6xm5 -
Summary		(es) FreeRDP es una implementación gratuita del Protocolo de Escritorio Remoto. Antes de la versión 3.24.2, un servidor RDP malicioso puede provocar el fallo del cliente FreeRDP al enviar datos de audio en formato IMA ADPCM con un valor de índice de paso inicial no válido (>= 89). El índice de paso no validado se lee directamente de la red y se utiliza para indexar una tabla de búsqueda de 89 entradas, lo que desencadena un fallo de WINPR_ASSERT() y la interrupción del proceso a través de SIGABRT. Esto afecta a cualquier cliente FreeRDP que tenga la redirección de audio (RDPSND) habilitada, que es la configuración predeterminada. Este problema ha sido parcheado en la versión 3.24.2.

30 Mar 2026, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-30 22:16

Updated : 2026-04-01 20:05

NVD link : CVE-2026-33977

Mitre link : CVE-2026-33977

CVE.ORG link : CVE-2026-33977

JSON object : View

Products Affected

freerdp

freerdp

CWE

CWE-617

Reachable Assertion

6.5 /10