BIT-guacamole-2023-43826

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/guacamole/BIT-guacamole-2023-43826.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-guacamole-2023-43826
Aliases
Published
2024-03-06T10:52:51.071Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.Users are recommended to upgrade to version 1.5.4, which fixes this issue.

References

Affected packages

Bitnami / guacamole

Package

Name
guacamole
Purl
pkg:bitnami/guacamole

Severity

  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.3