oss-sec mailing list archives
Re: [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer
From: Demi Marie Obenour <demi () invisiblethingslab com>
Date: Tue, 6 Jun 2023 13:34:20 -0400
On Tue, Jun 06, 2023 at 10:12:29AM -0700, Michael Jumper wrote:
Severity: moderate Base CVSS Score: 6.8 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)
Why is this A:N and AC:H?
Affected versions: - Apache Guacamole 0.9.10 through 1.5.1 Description: Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process. Mitigation: Users of versions of Apache Guacamole 1.5.1 and older should upgrade to the 1.5.2 release. Credit: We would like to thank Stefan Schiller (Sonar) for reporting this issue. References: https://guacamole.apache.org/ https://www.cve.org/CVERecord?id=CVE-2023-30576 Timeline: 2023-04-11: Reported to security () guacamole apache org 2023-04-11: Report acknowledged by project 2023-04-12: Report confirmed by project 2023-05-09: Fix completed and merged 2023-05-09: Fix tested and confirmed by reporter 2023-05-25: Fix released
-- Sincerely, Demi Marie Obenour (she/her/hers) Invisible Things Lab
Attachment:
signature.asc
Description:
Current thread:
- [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Michael Jumper (Jun 06)
- Re: [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Demi Marie Obenour (Jun 06)