diff --git a/debian/changelog b/debian/changelog
index 5f2cf0b..e24fb2c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,12 +1,14 @@
 freerdp2 (2.3.0+dfsg1-2+deb10u4) UNRELEASED; urgency=medium
 
   * Non-maintainer upload by the LTS Security Team.
+  * Previous upload had a typo in the CVE list: It was CVE 2023-40567 not
+    CVE 2023-39357.
   * Import fix for CVE-2021-41160 - Improper region checks in all clients
     allow out of bound write to memory (Closes: #1001062)
   * Import fix for CVE-2022-24882 - Server side NTLM does not properly check
     parameters.
-  * Previous upload: fix typo in CVE list. It was CVE 2023-40567 not CVE
-    2023-39357.
+  * Import fix for CVE-2022-24883 - FreeRDP Server authentication might allow
+    invalid credentials to pass.
 
  -- Tobias Frost <tobi@debian.org>  Sat, 28 Oct 2023 18:12:57 +0200
 
diff --git a/debian/patches/0052-CVE-2022-24883.patch b/debian/patches/0052-CVE-2022-24883.patch
new file mode 100644
index 0000000..62cbfdd
--- /dev/null
+++ b/debian/patches/0052-CVE-2022-24883.patch
@@ -0,0 +1,100 @@
+Description: CVE-2022-24883 - FreeRDP Server authentication might allow invalid credentials to pass
+Origin: https://github.com/FreeRDP/FreeRDP/commit/6f473b273a4b6f0cb6aca32b95e22fd0de88e144
+Bug: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-qxm3-v2r6-vmwf
+From 6f473b273a4b6f0cb6aca32b95e22fd0de88e144 Mon Sep 17 00:00:00 2001
+From: akallabeth <akallabeth@posteo.net>
+Date: Fri, 22 Apr 2022 14:42:11 +0200
+Subject: [PATCH] Cleaned up ntlm_fetch_ntlm_v2_hash
+
+(cherry picked from commit 4661492e5a617199457c8074bad22f766a116cdc)
+---
+ winpr/libwinpr/sspi/NTLM/ntlm_compute.c | 58 +++++++++++--------------
+ 1 file changed, 25 insertions(+), 33 deletions(-)
+
+--- a/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
++++ b/winpr/libwinpr/sspi/NTLM/ntlm_compute.c
+@@ -282,10 +282,11 @@
+ 		ntlm_current_time(context->Timestamp);
+ }
+ 
+-static int ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, BYTE* hash)
++static BOOL ntlm_fetch_ntlm_v2_hash(NTLM_CONTEXT* context, BYTE* hash)
+ {
+-	WINPR_SAM* sam;
+-	WINPR_SAM_ENTRY* entry;
++	BOOL rc = FALSE;
++	WINPR_SAM* sam = NULL;
++	WINPR_SAM_ENTRY* entry = NULL;
+ 	SSPI_CREDENTIALS* credentials;
+ 
+ 	WINPR_ASSERT(context);
+@@ -295,48 +296,39 @@
+ 	sam = SamOpen(context->SamFile, TRUE);
+ 
+ 	if (!sam)
+-		return -1;
++		goto fail;
+ 
+ 	entry = SamLookupUserW(
+-	    sam, (LPWSTR)credentials->identity.User, credentials->identity.UserLength * 2,
+-	    (LPWSTR)credentials->identity.Domain, credentials->identity.DomainLength * 2);
++	    sam, (LPWSTR)credentials->identity.User, credentials->identity.UserLength * sizeof(WCHAR),
++	    (LPWSTR)credentials->identity.Domain, credentials->identity.DomainLength * sizeof(WCHAR));
+ 
+-	if (entry)
++	if (!entry)
+ 	{
+-#ifdef WITH_DEBUG_NTLM
+-		WLog_VRB(TAG, "NTLM Hash:");
+-		winpr_HexDump(TAG, WLOG_DEBUG, entry->NtHash, 16);
+-#endif
+-		NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
+-		                 credentials->identity.UserLength * 2, (LPWSTR)credentials->identity.Domain,
+-		                 credentials->identity.DomainLength * 2, (BYTE*)hash);
+-		SamFreeEntry(sam, entry);
+-		SamClose(sam);
+-		return 1;
++		entry = SamLookupUserW(sam, (LPWSTR)credentials->identity.User,
++		                       credentials->identity.UserLength * sizeof(WCHAR), NULL, 0);
+ 	}
+ 
+-	entry = SamLookupUserW(sam, (LPWSTR)credentials->identity.User,
+-	                       credentials->identity.UserLength * 2, NULL, 0);
++	if (!entry)
++		goto fail;
+ 
+-	if (entry)
+-	{
+ #ifdef WITH_DEBUG_NTLM
+ 		WLog_VRB(TAG, "NTLM Hash:");
+ 		winpr_HexDump(TAG, WLOG_DEBUG, entry->NtHash, 16);
+ #endif
+-		NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
+-		                 credentials->identity.UserLength * 2, (LPWSTR)credentials->identity.Domain,
+-		                 credentials->identity.DomainLength * 2, (BYTE*)hash);
+-		SamFreeEntry(sam, entry);
+-		SamClose(sam);
+-		return 1;
+-	}
+-	else
+-	{
+-		SamClose(sam);
++	    NTOWFv2FromHashW(entry->NtHash, (LPWSTR)credentials->identity.User,
++	                     credentials->identity.UserLength * sizeof(WCHAR),
++	                     (LPWSTR)credentials->identity.Domain,
++	                     credentials->identity.DomainLength * sizeof(WCHAR), (BYTE*)hash);
++
++	    rc = TRUE;
++
++fail:
++	SamFreeEntry(sam, entry);
++	SamClose(sam);
++	if (!rc)
+ 		WLog_ERR(TAG, "Error: Could not find user in SAM database");
+-		return 0;
+-	}
++
++	return rc;
+ }
+ 
+ static int ntlm_convert_password_hash(NTLM_CONTEXT* context, BYTE* hash)
diff --git a/debian/patches/series b/debian/patches/series
index d47080a..aa4df72 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -41,3 +41,4 @@
 0049-CVE-2023-40589.patch
 0050-CVE-2021-41160.patch
 0051-CVE-2022-24882.patch
+0052-CVE-2022-24883.patch