CVE-2023-30576
published 2023-06-07CVE-2023-30576: Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute…
high8.1CVSS 3.1
AVNACHPRNUINSUCHIHAH
Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | guacamole | — | — |
| apache | guacamole | >= 0.9.0 < 1.5.2 | 1.5.2 |
| apache_software_foundation | apache_guacamole | 0.9.10 – 1.5.1 | — |
CVSS provenance
nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
osv8.1HIGH