BIT-guacamole-server-2023-30575

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/guacamole-server/BIT-guacamole-server-2023-30575.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-guacamole-server-2023-30575

Aliases

Published

2024-03-06T10:53:14.005Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.

Database specific

{
    "cpes": [
        "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv

Affected packages

Bitnami / guacamole-server

Package

Name: guacamole-server
Purl: pkg:bitnami/guacamole-server

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.2