Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv | Mailing List Third Party Advisory |
Configurations
History
14 Jun 2023, 14:58
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CWE | CWE-131 | |
CPE | cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:* | |
References | (MISC) https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv - Mailing List, Third Party Advisory |
07 Jun 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-07 09:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-30575
Mitre link : CVE-2023-30575
CVE.ORG link : CVE-2023-30575
JSON object : View
Products Affected
apache
- guacamole
CWE
CWE-131
Incorrect Calculation of Buffer Size