CVE-2020-9497
Published 2020-07-02
Medium 4.4 (CVSS 3.1)
AV:L / AC:H / PR:L / UI:R / S:U / C:H / I:N / A:N
Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | guacamole | <= 1.1.0 | — |
| apache | guacamole | — | — |
| debian | debian_linux | — | — |
| debian | guacamole-server | < guacamole-server 1.3.0-1 (bullseye) | guacamole-server 1.3.0-1 (bullseye) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
CVSS provenance
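| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N |
| osv | — | 4.4 | MEDIUM | — |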