CVE-2020-9498

CWE-787 — Out-of-bounds Write CWE-119 — Buffer Overflow10 documents7 sources

Severity

6.7MEDIUM

EPSS

0.1%

top 71.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Guacamole Debian Debian Linux Fedoraproject Fedora

Timeline

PublishedJul 2

Latest updateMay 24

Description

Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages3 packages

▶Debianguacamole-server< 1.3.0-1

▶NVDapache/guacamole1.1.0

▶CVEListV5apache_guacamoleApache Guacamole 1.1.0 and older

Also affects: Debian Linux 9.0, Fedora 32, 33

🔴Vulnerability Details

GHSA

GHSA-wrfm-qjwf-qpwj: Apache Guacamole 1↗2022-05-24

▶

OSV

CVE-2020-9498: Apache Guacamole 1↗2020-07-02

▶

CVEList

CVE-2020-9498: Apache Guacamole 1↗2020-07-02

▶

📋Vendor Advisories

Debian

CVE-2020-9498: guacamole-server - Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing da...↗2020

▶

Apache

Apache guacamole: CVE-2020-9498↗

▶

💬Community

Bugzilla

CVE-2020-9498 guacamole-server: Dangling pointer in RDP static virtual channel handling [epel-7]↗2020-07-02

▶

Bugzilla

CVE-2020-9498 guacamole-server: Dangling pointer in RDP static virtual channel handling [fedora-all]↗2020-07-02

▶

Bugzilla

CVE-2020-9498 guacamole-server: Dangling pointer in RDP static virtual channel handling [epel-6]↗2020-07-02

▶

Bugzilla

CVE-2020-9498 guacamole-server: Dangling pointer in RDP static virtual channel handling↗2020-07-02

▶