CVE-2023-43826

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue.
Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:24

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2023/12/19/4 - Mailing List, Third Party Advisory () http://www.openwall.com/lists/oss-security/2023/12/19/4 - Mailing List, Third Party Advisory
References () https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6 - Mailing List, Vendor Advisory () https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6 - Mailing List, Vendor Advisory
CVSS v2 : unknown
v3 : 8.8
v2 : unknown
v3 : 7.5

22 Dec 2023, 20:45

Type Values Removed Values Added
CPE cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*
References () https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6 - () https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6 - Mailing List, Vendor Advisory
References () http://www.openwall.com/lists/oss-security/2023/12/19/4 - () http://www.openwall.com/lists/oss-security/2023/12/19/4 - Mailing List, Third Party Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

20 Dec 2023, 13:50

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-19 20:15

Updated : 2024-11-21 08:24


NVD link : CVE-2023-43826

Mitre link : CVE-2023-43826

CVE.ORG link : CVE-2023-43826


JSON object : View

Products Affected

apache

  • guacamole
CWE
CWE-190

Integer Overflow or Wraparound