UBUNTU-CVE-2024-35164

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-35164

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-35164.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-35164

Upstream

CVE-2024-35164

Published

2025-07-02T12:15:00Z

Modified

2025-10-24T05:09:12Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.6.0, which fixes this issue.

References

Affected packages

Ubuntu:16.04:LTS / guacamole-client

Package

Name: guacamole-client
Purl: pkg:deb/ubuntu/guacamole-client@0.8.3-1.2?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.8.3-1.1

0.8.3-1.2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "guacamole",
            "binary_version": "0.8.3-1.2"
        },
        {
            "binary_name": "guacamole-tomcat",
            "binary_version": "0.8.3-1.2"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-35164.json"

Ubuntu:18.04:LTS / guacamole-client