Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6 | Mailing List Vendor Advisory |
Configurations
History
14 Jun 2023, 14:33
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
References | (MISC) https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6 - Mailing List, Vendor Advisory |
07 Jun 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-07 09:15
Updated : 2024-02-04 23:37
NVD link : CVE-2023-30576
Mitre link : CVE-2023-30576
CVE.ORG link : CVE-2023-30576
JSON object : View
Products Affected
apache
- guacamole
CWE
CWE-416
Use After Free