CVE-2023-30575

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.
References
Link Resource
https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*

History

14 Jun 2023, 14:58

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-74 CWE-131
CPE cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*
References (MISC) https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv - (MISC) https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv - Mailing List, Third Party Advisory

07 Jun 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-06-07 09:15

Updated : 2024-02-04 23:37


NVD link : CVE-2023-30575

Mitre link : CVE-2023-30575

CVE.ORG link : CVE-2023-30575


JSON object : View

Products Affected

apache

  • guacamole
CWE
CWE-131

Incorrect Calculation of Buffer Size