CVE-2023-43826

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/12/19/4	Mailing List Third Party Advisory
https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6	Mailing List Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*

History

22 Dec 2023, 20:45

Type	Values Removed	Values Added
First Time		Apache guacamole Apache
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.8
CPE		cpe:2.3:a:apache:guacamole::::::::
References	~~() https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6 -~~	() https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6 - Mailing List, Vendor Advisory
References	~~() http://www.openwall.com/lists/oss-security/2023/12/19/4 -~~	() http://www.openwall.com/lists/oss-security/2023/12/19/4 - Mailing List, Third Party Advisory

20 Dec 2023, 13:50

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-19 20:15

Updated : 2024-02-28 20:54

NVD link : CVE-2023-43826

Mitre link : CVE-2023-43826

CVE.ORG link : CVE-2023-43826

JSON object : View

Products Affected

apache

guacamole

CWE

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2023-43826", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security@apache.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2023-12-19T20:15:08.300", "references": [{"url": "http://www.openwall.com/lists/oss-security/2023/12/19/4", "tags": ["Mailing List", "Third Party Advisory"], "source": "security@apache.org"}, {"url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6", "tags": ["Mailing List", "Vendor Advisory"], "source": "security@apache.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@apache.org", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\n\n"}, {"lang": "es", "value": "Apache Guacamole 1.5.3 y anteriores no garantizan sistem\u00e1ticamente que los valores recibidos de un servidor VNC no produzcan un desbordamiento de enteros. Si un usuario se conecta a un servidor VNC malicioso o comprometido, los datos especialmente manipulados podr\u00edan da\u00f1ar la memoria, permitiendo posiblemente que se ejecute c\u00f3digo arbitrario con los privilegios del proceso guacd en ejecuci\u00f3n. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.5.4, que soluciona este problema."}], "lastModified": "2023-12-22T20:45:28.967", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCF38330-2A18-4595-BDB4-0789A9F4BD2C", "versionEndIncluding": "1.5.3"}], "operator": "OR"}]}], "sourceIdentifier": "security@apache.org"}