oss-sec mailing list archives
Re: [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer
From: Michael Jumper <mjumper () apache org>
Date: Tue, 6 Jun 2023 11:01:30 -0700
On 6/6/23 10:34, Demi Marie Obenour wrote:
On Tue, Jun 06, 2023 at 10:12:29AM -0700, Michael Jumper wrote:Severity: moderate Base CVSS Score: 6.8 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)Why is this A:N ...
The issue in question has no impact on the availability of a deployed instance of the service.
... and AC:H?
A successful attack in this case would depend on a complex series of factors and non-deterministic events outside the control of the attacker.
- Mike
Current thread:
- [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Michael Jumper (Jun 06)
- Re: [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Demi Marie Obenour (Jun 06)
- Re: [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Michael Jumper (Jun 06)
- Re: [SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer Demi Marie Obenour (Jun 06)