FreeRDP · FreeRDP · CVE-2026-23948
**Name of the Vulnerable Software and Affected Versions**
FreeRDP versions prior to 3.22.0
**Description**
FreeRDP, a free implementation of the Remote Desktop Protocol, contains a NULL pointer dereference in the `rdp_write_logon_info_v2()` function. A malicious RDP server can trigger it by sending a specially crafted LogonInfoV2 Protocol Data Unit (PDU) in which `cbDomain` or `cbUserName` is set to 0, potentially causing a FreeRDP proxy to crash.
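The failure class described above, shown as an added illustration that is not FreeRDP's code or the upstream fix: a re-encoder for a simplified logon-info record that tolerates zero-length fields and rejects a length with no data. The struct, the function names, the reduced field layout and the assumption that the parser leaves a string pointer NULL when its length is 0 are all hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory record, not FreeRDP's struct. Assumption: the
 * parser leaves a string pointer NULL when its cb* length field is 0. */
typedef struct {
    uint32_t sessionId, cbDomain, cbUserName;
    const uint8_t *domain;   /* NULL when cbDomain == 0 */
    const uint8_t *userName; /* NULL when cbUserName == 0 */
} logon_info_v2;

typedef struct { uint8_t *buf; size_t cap, pos; } out_stream;

static int put_u32(out_stream *s, uint32_t v) {
    if (s->cap - s->pos < 4) return 0;
    for (int i = 0; i < 4; i++) s->buf[s->pos++] = (uint8_t)(v >> (8 * i));
    return 1;
}

/* Copy cb bytes. Code that reads from src without checking it (for example
 * to measure or convert a string) dereferences NULL when the field is empty,
 * so both the length and the pointer are checked before src is touched. */
static int put_field(out_stream *s, const uint8_t *src, uint32_t cb) {
    if (cb == 0) return 1;               /* empty field: never touch src */
    if (src == NULL) return 0;           /* length without data: reject */
    if (cb > s->cap - s->pos) return 0;  /* would overrun the output */
    memcpy(s->buf + s->pos, src, cb);
    s->pos += cb;
    return 1;
}

/* Returns bytes written, or -1 so the caller can drop the PDU cleanly. */
long write_logon_info(const logon_info_v2 *in, uint8_t *buf, size_t cap) {
    out_stream s = { buf, cap, 0 };
    if (!in || !buf) return -1;
    if (!put_u32(&s, in->sessionId) || !put_u32(&s, in->cbDomain) ||
        !put_u32(&s, in->cbUserName) ||
        !put_field(&s, in->domain, in->cbDomain) ||
        !put_field(&s, in->userName, in->cbUserName))
        return -1;
    return (long)s.pos;
}

int main(void) {
    uint8_t out[64];
    logon_info_v2 empty = { 7, 0, 0, NULL, NULL }; /* constructed sample */
    printf("zero-length fields: %ld bytes\n", write_logon_info(&empty, out, sizeof out));
    return 0;
}
```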
**Recommendations**
Update to version 3.22.0 or later.