Lucene search

ApacheCVELIST:CVE-2023-30575

HistoryJun 07, 2023 - 8:06 a.m.

CVE-2023-30575 Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths

2023-06-0708:06:36

CWE-131

apache

www.cve.org

cve-2023-30575 apache guacamole protocol handshake

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

60.2%

JSON

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Apache Guacamole",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "lessThanOrEqual": "1.5.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

60.2%

JSON

Related for CVELIST:CVE-2023-30575