Lucene search

[email protected]NVD:CVE-2023-30575

HistoryJun 07, 2023 - 9:15 a.m.

CVE-2023-30575

2023-06-0709:15:09

CWE-131

[email protected]

web.nvd.nist.gov

apache guacamole

instruction length

miscalculation

vulnerability

handshake

attacker

injection

specially-crafted data

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

60.2%

JSON

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.

Affected configurations

Nvd

Node

apacheguacamoleRange<1.5.2

VendorProductVersionCPE
apacheguacamole*cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
apache	guacamole	*	cpe:2.3:a:apache:guacamole::::::::

References

lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

AI Score

6.9

Confidence

High

EPSS

0.002

Percentile

60.2%

JSON

Related for NVD:CVE-2023-30575

cvelist1 osv4 cve1 prion1 ubuntucve1