Unrated severityNVD Advisory· Published Jun 7, 2023· Updated Oct 10, 2024

Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths

CVE-2023-30575

Description

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.

Affected products

Apache/Guacamolellm-fuzzy2 versions
<=1.5.1+ 1 more
- (no CPE)range: <=1.5.1
- (no CPE)range: 0
osv-coords16 versions
pkg:apk/chainguard/guacamole-server pkg:apk/chainguard/guacamole-server-dev pkg:apk/chainguard/guacamole-server-doc pkg:apk/chainguard/libguac-client-rdp pkg:apk/chainguard/libguac-client-ssh pkg:apk/chainguard/libguac-client-telnet pkg:apk/chainguard/libguac-client-vnc pkg:apk/wolfi/guacamole-server pkg:apk/wolfi/guacamole-server-dev pkg:apk/wolfi/guacamole-server-doc pkg:apk/wolfi/libguac-client-rdp pkg:apk/wolfi/libguac-client-ssh pkg:apk/wolfi/libguac-client-telnet pkg:apk/wolfi/libguac-client-vnc pkg:bitnami/guacamole pkg:bitnami/guacamole-server
< 0+ 15 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.5.2
- (no CPE)range: < 1.5.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownvmitrevendor-advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000