Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-30575

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.

Published

2023-06-07T09:15:09.993

Last Modified

2024-11-21T08:00:26.877

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-131
Type: Secondary
CWE-131

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apache	guacamole	< 1.5.2	Yes

References

https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv Mailing List, Third Party Advisory ([email protected])
https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)