CVE-2017-3158

CWE-362 — Race Condition5 documents4 sources

Severity

8.1HIGH

EPSS

0.7%

top 28.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Guacamole Apache Software Foundation Apache Guacamole

Timeline

PublishedJan 18

Latest updateMay 14

Description

A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

▶Mavenorg.apache.guacamole:guacamole-common0.9.5 — 0.9.11-incubating

▶NVDapache/guacamole0.9.9+1

▶CVEListV5apache_software_foundation/apache_guacamoleApache Guacamole 0.9.5 to 0.9.10-incubating

🔴Vulnerability Details

GHSA

Apache Guacamole Race Condition vulnerability↗2022-05-14

▶

OSV

Apache Guacamole Race Condition vulnerability↗2022-05-14

▶

CVEList

CVE-2017-3158: A race condition in Guacamole's terminal emulator in versions 0↗2018-01-18

▶

OSV

CVE-2017-3158: A race condition in Guacamole's terminal emulator in versions 0↗2018-01-18

▶