Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.
Users are recommended to upgrade to version 1.5.4, which fixes this issue.
References
Link | Resource |
---|---|
http://www.openwall.com/lists/oss-security/2023/12/19/4 | Mailing List Third Party Advisory |
https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6 | Mailing List Vendor Advisory |
History
21 Nov 2024, 08:24
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.openwall.com/lists/oss-security/2023/12/19/4 - Mailing List, Third Party Advisory | |
References | () https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6 - Mailing List, Vendor Advisory | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 7.5 |
22 Dec 2023, 20:45
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:* | |
References | () https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6 - Mailing List, Vendor Advisory | |
References | () http://www.openwall.com/lists/oss-security/2023/12/19/4 - Mailing List, Third Party Advisory | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 8.8 |
20 Dec 2023, 13:50
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-19 20:15
Updated : 2024-11-21 08:24
NVD link : CVE-2023-43826
Mitre link : CVE-2023-43826
CVE.ORG link : CVE-2023-43826
Products Affected
apache
- guacamole
CWE
CWE-190
Integer Overflow or Wraparound