Alpine: freerdp: security update to 3.24.2-r0

medium Tenable Self-Hosted Container Security Plugin ID 439410

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-
buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc().
This issue has been patched in version 3.24.2. (CVE-2026-33982)

- FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated
auth_length field read from the network triggers a WINPR_ASSERT() failure in
rts_read_auth_verifier_no_checks(), causing any FreeRDP client connecting through a malicious RDP Gateway
to crash with SIGABRT. This is a pre-authentication denial of service affecting all FreeRDP clients using
RPC-over-HTTP gateway transport. The assertion is active in default release builds
(WITH_VERBOSE_WINPR_ASSERT=ON). This issue has been patched in version 3.24.2. (CVE-2026-33952)

- FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP
server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step
index value (>= 89). The unvalidated step index is read directly from the network and used to index into a
89-entry lookup table, triggering a WINPR_ASSERT() failure and process abort via SIGABRT. This affects any
FreeRDP client that has audio redirection (RDPSND) enabled, which is the default configuration. This issue
has been patched in version 3.24.2. (CVE-2026-33977)

- FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2,
progressive_decompress_tile_upgrade() detects a mismatch via progressive_rfx_quant_cmp_equal() but only
emits WLog_WARN, execution continues. The wrapped value (247) is used as a shift exponent, causing
undefined behavior and an approximately 80 billion iteration loop (CPU DoS). This issue has been patched
in version 3.24.2. (CVE-2026-33983)

Solution

Update the freerdp library and its related packages to version 3.24.2-r0 or later.

See Also

https://security.alpinelinux.org/vuln/CVE-2026-33952

https://security.alpinelinux.org/vuln/CVE-2026-33977

https://security.alpinelinux.org/vuln/CVE-2026-33982

https://security.alpinelinux.org/vuln/CVE-2026-33983

https://security.alpinelinux.org/vuln/CVE-2026-33984

https://security.alpinelinux.org/vuln/CVE-2026-33985

https://security.alpinelinux.org/vuln/CVE-2026-33986

https://security.alpinelinux.org/vuln/CVE-2026-33987

https://security.alpinelinux.org/vuln/CVE-2026-33995

Plugin Details

Severity: Medium

ID: 439410

Version: Revision 1.8

Type: Local

Published: 3/28/2026

Updated: 7/2/2026

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.75

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:C

CVSS Score Source: CVE-2026-33982

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Threat Score: 5.5

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2026-33977

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2026-33952, CVE-2026-33977, CVE-2026-33982, CVE-2026-33983, CVE-2026-33984, CVE-2026-33985, CVE-2026-33986, CVE-2026-33987, CVE-2026-33995