CVE-2017-3158

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2017-3158

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-3158.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-3158

Aliases

GHSA-3vv3-585q-wv6x

Related

UBUNTU-CVE-2017-3158

Published

2018-01-18T20:29:00Z

Modified

2024-09-03T01:50:08.181583Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer.

References

https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65%40%3Cuser.guacamole.apache.org%3E

Affected packages

Git / github.com/apache/guacamole-server

Affected ranges

Type: GIT
Repo: https://github.com/apache/guacamole-server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

68fdd4d290ba1324af2e9d15440fa8276beae3aa

Last affected

6c0862e82da8ee737ee655c7815b1851de6d0488

Affected versions

0.*

0.3.0

0.4.0

0.5.0

0.6.0

0.6.1

0.6.2

0.6.3

0.7.0

0.7.1

0.7.2

0.7.3

0.7.4

0.8.0

0.8.2

0.8.3

0.9.0

0.9.1

0.9.10-incubating

0.9.10-incubating-RC1

0.9.10-incubating-RC2

0.9.10-incubating-RC3

0.9.2

0.9.3

0.9.4

0.9.5

0.9.6

0.9.7

0.9.8

0.9.9