NULL pointer dereference in FreeRDP - #VU137842

 

NULL pointer dereference in FreeRDP - #VU137842

Published: July 16, 2026


Vulnerability identifier: #VU137842
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-476
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: FreeRDP
Affected software:
FreeRDP

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to a NULL pointer dereference in smartcard request cleanup helpers free_reader_states_a/w in FreeRDP smartcard Device Control request handling when processing a malformed smartcard Device Control request that fails during rgReaderStates decoding after a remote-controlled cReaders value is set. A remote attacker can send a specially crafted smartcard Device Control request to cause a denial of service.

The issue is triggered during cleanup of a partially decoded smartcard operation when rgReaderStates remains NULL and cReaders is greater than zero. Smartcard redirection or smartcard proxy handling must be enabled in the affected path.


Remediation

Install security update from vendor's website.

Sources