CVE-2023-30575

CWE-131 CWE-745 documents5 sources

Severity

7.5HIGH

EPSS

0.2%

top 62.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Guacamole Apache Software Foundation Apache Guacamole

Timeline

PublishedJun 7

Description

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDapache/guacamole< 1.5.2

▶CVEListV5apache_software_foundation/apache_guacamole1.5.1

🔴Vulnerability Details

GHSA

GHSA-jcgp-rv79-q77m: Apache Guacamole 1↗2023-06-07

▶

OSV

CVE-2023-30575: Apache Guacamole 1↗2023-06-07

▶

CVEList

Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths↗2023-06-07

▶

📋Vendor Advisories

Apache

Apache guacamole: CVE-2023-30575↗

▶