CVE-2026-23948
- Source
- https://cve.org/CVERecord?id=CVE-2026-23948
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23948.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-23948
- Aliases
-
- GHSA-6f3c-qvqq-2px5
- Downstream
- Related
- Published
- 2026-02-09T18:12:00.737Z
- Modified
- 2026-04-19T10:47:08.513219Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2()
- Details
-
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, a NULL pointer dereference vulnerability in rdpwritelogoninfov2() allows a malicious RDP server to crash FreeRDP proxy by sending a specially crafted LogonInfoV2 PDU with cbDomain=0 or cbUserName=0. This vulnerability is fixed in 3.22.0.
- Database specific
{ "cwe_ids": [ "CWE-476" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23948.json", "cna_assigner": "GitHub_M" }- References
Affected packages
Git / github.com/freerdp/freerdp
Affected versions
1.*
1.0-beta1
1.0-beta2
1.0-beta4
1.0-beta5
1.0.0
1.0.1
1.1.0-beta+2013071101
1.1.0-beta1
1.1.0-beta1+android2
1.1.0-beta1+android3
1.1.0-beta1+android4
1.1.0-beta1+android5
1.1.0-beta1+ios1
1.1.0-beta1+ios2
1.1.0-beta1+ios3
1.1.0-beta1+ios4
1.2.0-beta1+android7
1.2.0-beta1+android9
2.*
2.0.0
2.0.0-beta1+android10
2.0.0-beta1+android11
2.0.0-rc0
2.0.0-rc1
2.0.0-rc2
2.0.0-rc3
2.0.0-rc4
3.*
3.0.0
3.0.0-beta1
3.0.0-beta2
3.0.0-beta3
3.0.0-beta4
3.0.0-rc0
3.1.0
3.2.0
3.3.0
3.4.0
3.5.0
3.5.1
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-23948.json"
vanir_signatures_modified
"2026-04-19T10:47:08Z"
vanir_signatures
[
{
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2026-23948-491c49ff",
"digest": {
"function_hash": "296723680882049798059941187871937152013",
"length": 824.0
},
"source": "https://github.com/freerdp/freerdp/commit/4d44e3c097656a8b9ec696353647b0888ca45860",
"target": {
"function": "rdp_send_save_session_info",
"file": "libfreerdp/core/info.c"
},
"deprecated": false
},
{
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2026-23948-bfdbc648",
"digest": {
"function_hash": "45724886677385241037297634780496029147",
"length": 859.0
},
"source": "https://github.com/freerdp/freerdp/commit/4d44e3c097656a8b9ec696353647b0888ca45860",
"target": {
"function": "rdp_write_logon_info_v2",
"file": "libfreerdp/core/info.c"
},
"deprecated": false
},
{
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2026-23948-f6add5c7",
"digest": {
"threshold": 0.9,
"line_hashes": [
"303570308137007596241133626141409251069",
"172206055707252354396494738938528294681",
"177851478380184967999132012935321217321",
"133474851341614138189052200250901149880",
"149686881793546668771553315058884183438",
"150076584959503601564475936708831910079",
"194057982406646705393007491469310668470",
"110574586751174827215913481814788370533",
"81064420111355933664897814248294920029",
"77542545665329044225037360310978838805",
"58529151795256268344797828784330827848",
"270441581498131049657371839922562455109",
"27486731944105615811057150327580686535",
"171049451127415432941949176490140030192",
"183233678745431434199111828757168960887",
"198856791512734167340600705933671601592",
"124628853642793543083566204196081069369",
"295244551128561400658523636062862669416",
"20678181885798986216087982299654460067"
]
},
"source": "https://github.com/freerdp/freerdp/commit/4d44e3c097656a8b9ec696353647b0888ca45860",
"target": {
"file": "libfreerdp/core/info.c"
},
"deprecated": false
}
]