CVE-2023-30576 MEDIUM

CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer

Vendor Apache Software Foundation

Product Apache Guacamole

Weakness CWE-416

Published June 7, 2023

Last update October 10, 2024

View on NVD All CVEs

CVSS base score

6.8/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

What the vulnerability does

Description

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.

Key dates

Disclosure timeline

June 7, 2023 CVE published

October 10, 2024 Record updated

Identifiers

CVE CVE-2023-30576

CWE CWE-416

CVSS 6.8 / MEDIUM

Affected versions

Vendor Apache Software Foundation

Product Apache Guacamole

Affected ≥ 0.9.10 and ≤ 1.5.1