Prahal

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions prior to 3.24.2 **Description** FreeRDP is a free implementation of the Remote Desktop Protocol. A double-free issue exists in the `kerberos AcceptSecurityContext()` and `kerberos InitializeSecurityContextA()` functions (WinPR, winpr/libwinpr/sspi/Kerberos/kerberos.c). This can lead to a crash in FreeRDP clients on systems configured with Kerberos and/or Kerberos U2U, such as Samba AD members or systems using krb5 for NFS. The crash occurs during Network Level Authentication (NLA) connection teardown and requires a failed authentication attempt. **Recommendations** Upgrade to FreeRDP version 3.24.2 or later.