CVE-2020-9498
published 2020-07-02
medium 6.7 (CVSS 3.1)
AV:L / AC:H / PR:L / UI:R / S:U / C:H / I:H / A:H
Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing data received via RDP static virtual channels. If a user connects to a malicious or compromised RDP server, a series of specially-crafted PDUs could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | guacamole | <= 1.1.0 | — |
| apache | guacamole | — | — |
| debian | debian_linux | — | — |
| debian | guacamole-server | < guacamole-server 1.3.0-1 (bullseye) | guacamole-server 1.3.0-1 (bullseye) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
CVSS provenance
nvd: v3.1, 6.7 MEDIUM, CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
osv: 6.7 MEDIUM