CVE-2023-30575 MEDIUM

CVE-2023-30575: Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths

Vendor: Apache Software Foundation
Product: Apache Guacamole
Weakness: CWE-131
Published: June 7, 2023
Last update: October 10, 2024

CVSS base score

6.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: None
Integrity: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

What the vulnerability does

Description

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.

Key dates

Disclosure timeline

June 7, 2023: CVE published
October 10, 2024: Record updated