Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.
References
Link | Resource |
---|---|
https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv | Mailing List Third Party Advisory |
Configurations
History
14 Jun 2023, 14:58
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-131 | |
References | (MISC) https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:* | |
First Time |
Apache
Apache guacamole |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
07 Jun 2023, 12:52
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-06-07 09:15
Updated : 2024-02-28 20:13
NVD link : CVE-2023-30575
Mitre link : CVE-2023-30575
CVE.ORG link : CVE-2023-30575
JSON object : View
Products Affected
apache
- guacamole
CWE
CWE-131
Incorrect Calculation of Buffer Size