CVE-2023-30576

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
NETWORK
HIGH
LOW
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
apacheguacamole
0.9.0 ≤
𝑥
< 1.5.2
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
apacheguacamole
0.9.10 ≤
𝑥
≤ 1.5.1
ADP
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
guacamole-client
bionic
needs-triage
focal
dne
jammy
dne
kinetic
dne
lunar
dne
mantic
dne
noble
dne
oracular
dne
trusty
ignored
xenial
needs-triage
Common Weakness Enumeration
References
https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6
https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6