Incorrect Calculation of Buffer Size
CVE-2023-30575
Summary
Apache Guacamole prior to 1.5.2-RC1 may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- NONE
- NONE
CWE-131 - Incorrect Calculation of Buffer Size
The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
References
Advisory Timeline
- Published