Skip to main content

Incorrect Calculation of Buffer Size

CVE-2023-30575

Severity High
Score 7.5/10

Summary

Apache Guacamole prior to 1.5.2-RC1 may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-131 - Incorrect Calculation of Buffer Size

The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

Advisory Timeline

  • Published