Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for Apache Guacamole by Apache Software Foundation

    CVE-2024-35164 (GCVE-0-2024-35164)

    Vulnerability from nvd – Published: 2025-07-02 11:23 – Updated: 2026-02-26 18:28
    VLAI
    Title
    Apache Guacamole: Improper input validation of console codes
    Summary
    The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.6.0, which fixes this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper Validation of Array Index
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: 0.8.0 , ≤ 1.5.5 (semver)
    Create a notification for this product.
    Credits
    Tizian Seehaus (Tibotix)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35164",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-03T03:55:33.220907Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:01.214Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:08:36.862Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/07/01/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.5",
                  "status": "affected",
                  "version": "0.8.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Tizian Seehaus (Tibotix)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eThe terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed\nwith the privileges of the running guacd process.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eUsers are recommended to upgrade to version 1.6.0, which fixes this issue.\u003c/div\u003e"
                }
              ],
              "value": "The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed\nwith the privileges of the running guacd process.\n\n\n\n\nUsers are recommended to upgrade to version 1.6.0, which fixes this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "other": {
                "content": {
                  "text": "moderate"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper Validation of Array Index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-02T11:23:22.750Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/sgs8lplbkrpvd3hrvcnnxh3028h4py70"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-04T13:09:00.000Z",
              "value": "Reported to security@guacamole.apache.org"
            },
            {
              "lang": "en",
              "time": "2024-05-04T22:48:00.000Z",
              "value": "Report acknowledged by project"
            },
            {
              "lang": "en",
              "time": "2024-05-10T07:44:00.000Z",
              "value": "Report confirmed by project"
            }
          ],
          "title": "Apache Guacamole: Improper input validation of console codes",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2024-35164",
        "datePublished": "2025-07-02T11:23:22.750Z",
        "dateReserved": "2024-05-10T07:46:23.307Z",
        "dateUpdated": "2026-02-26T18:28:01.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-43826 (GCVE-0-2023-43826)

    Vulnerability from nvd – Published: 2023-12-19 19:50 – Updated: 2026-02-25 17:51
    VLAI
    Title
    Apache Guacamole: Integer overflow in handling of VNC image buffers
    Summary
    Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: 0 , ≤ 1.5.3 (semver)
    Create a notification for this product.
    Credits
    Joseph Surin (Elttam) Matt Jones (Elttam)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:52:11.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/12/19/4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43826",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-21T03:55:15.865919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T17:51:44.807Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Joseph Surin (Elttam)"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Matt Jones (Elttam)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eApache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\u003c/div\u003e"
                }
              ],
              "value": "Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "important"
                },
                "type": "Textual description of severity"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "A malicious Guacamole user has managed to compromise a VNC server to which they have already been granted access by a Guacamole administrator."
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "An attacker does not necessarily have any access to Guacamole, but has managed to compromise a VNC server that some other Guacamole user may access."
                },
                {
                  "lang": "en",
                  "value": "An attacker does not necessarily have any access to Guacamole, but has managed to convince a Guacamole administrator to provide at least one Guacamole user with access to a malicious VNC server through social engineering."
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 0,
                "baseSeverity": "NONE",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "An attacker has sufficient privileges within Guacamole to create their own connections, and configures Guacamole to connect to a malicious/compromised VNC server."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-19T19:55:08.322Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/12/19/4"
            }
          ],
          "source": {
            "defect": [
              "GUACAMOLE-1867"
            ],
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-09-22T03:08:00.000Z",
              "value": "Reported to security@guacamole.apache.org"
            },
            {
              "lang": "en",
              "time": "2023-09-22T16:44:00.000Z",
              "value": "Report acknowledged by project"
            },
            {
              "lang": "en",
              "time": "2023-09-22T21:42:00.000Z",
              "value": "Report confirmed by project"
            },
            {
              "lang": "en",
              "time": "2023-10-26T17:36:00.000Z",
              "value": "Fix completed and merged"
            },
            {
              "lang": "en",
              "time": "2023-10-27T00:15:00.000Z",
              "value": "Fix tested and confirmed by reporter"
            },
            {
              "lang": "en",
              "time": "2023-12-08T01:00:00.000Z",
              "value": "Fix released"
            }
          ],
          "title": "Apache Guacamole: Integer overflow in handling of VNC image buffers",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2023-43826",
        "datePublished": "2023-12-19T19:50:15.188Z",
        "dateReserved": "2023-09-25T04:00:57.264Z",
        "dateUpdated": "2026-02-25T17:51:44.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-30576 (GCVE-0-2023-30576)

    Vulnerability from nvd – Published: 2023-06-07 08:06 – Updated: 2024-10-10 14:43
    VLAI
    Title
    Apache Guacamole: Use-after-free in handling of RDP audio input buffer
    Summary
    Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: 0.9.10 , ≤ 1.5.1 (semver)
    Create a notification for this product.
    apache guacamole Affected: 0.9.10 , ≤ 1.5.1 (custom)
        cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Stefan Schiller (Sonar)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:28:52.009Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "guacamole",
                "vendor": "apache",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0.9.10",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30576",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-10T14:40:13.451018Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-10T14:43:27.765Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0.9.10",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Stefan Schiller (Sonar)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-07T08:06:54.840Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-11T12:51:00.000Z",
              "value": "Reported to security@guacamole.apache.org"
            },
            {
              "lang": "en",
              "time": "2023-04-11T13:07:00.000Z",
              "value": "Report acknowledged by project"
            },
            {
              "lang": "en",
              "time": "2023-04-11T17:46:00.000Z",
              "value": "Report confirmed by project"
            },
            {
              "lang": "en",
              "time": "2023-05-08T20:01:00.000Z",
              "value": "Fix completed and merged"
            },
            {
              "lang": "en",
              "time": "2023-05-09T08:32:00.000Z",
              "value": "Fix tested and confirmed by reporter"
            },
            {
              "lang": "en",
              "time": "2023-05-25T03:19:00.000Z",
              "value": "Fix released"
            }
          ],
          "title": "Apache Guacamole: Use-after-free in handling of RDP audio input buffer",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2023-30576",
        "datePublished": "2023-06-07T08:06:54.840Z",
        "dateReserved": "2023-04-12T20:55:56.105Z",
        "dateUpdated": "2024-10-10T14:43:27.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-30575 (GCVE-0-2023-30575)

    Vulnerability from nvd – Published: 2023-06-07 08:06 – Updated: 2024-10-10 14:39
    VLAI
    Title
    Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths
    Summary
    Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-131 - Incorrect Calculation of Buffer Size
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: 0 , ≤ 1.5.1 (semver)
    Create a notification for this product.
    Credits
    Stefan Schiller (Sonar)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:28:51.955Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30575",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-10T14:39:18.400824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-10T14:39:33.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Stefan Schiller (Sonar)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-131",
                  "description": "CWE-131 Incorrect Calculation of Buffer Size",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-15T07:28:16.579Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-11T14:51:00.000Z",
              "value": "Reported to security@guacamole.apache.org"
            },
            {
              "lang": "en",
              "time": "2023-04-11T15:07:00.000Z",
              "value": "Report acknowledged by project"
            },
            {
              "lang": "en",
              "time": "2023-04-11T19:46:00.000Z",
              "value": "Report confirmed by project"
            },
            {
              "lang": "en",
              "time": "2023-05-08T22:01:00.000Z",
              "value": "Fix completed and merged"
            },
            {
              "lang": "en",
              "time": "2023-05-09T10:32:00.000Z",
              "value": "Fix tested and confirmed by reporter"
            },
            {
              "lang": "en",
              "time": "2023-05-25T05:19:00.000Z",
              "value": "Fix released"
            }
          ],
          "title": "Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2023-30575",
        "datePublished": "2023-06-07T08:06:36.061Z",
        "dateReserved": "2023-04-12T20:53:54.616Z",
        "dateUpdated": "2024-10-10T14:39:33.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43999 (GCVE-0-2021-43999)

    Vulnerability from nvd – Published: 2022-01-11 22:10 – Updated: 2024-08-04 04:10
    VLAI
    Title
    Improper validation of SAML responses
    Summary
    Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.
    Severity
    No CVSS data available.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: 1.3.0
    Affected: 1.2.0
    Create a notification for this product.
    Credits
    We would like to thank Finn Steglich (ETAS) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.191Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
              },
              {
                "name": "[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.3.0"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "We would like to thank Finn Steglich (ETAS) for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "other": "high"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-12T00:06:11.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
            },
            {
              "name": "[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper validation of SAML responses",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2021-43999",
              "STATE": "PUBLIC",
              "TITLE": "Improper validation of SAML responses"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Guacamole",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "1.3.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "1.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "We would like to thank Finn Steglich (ETAS) for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": [
              {
                "other": "high"
              }
            ],
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287 Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
                },
                {
                  "name": "[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-43999",
        "datePublished": "2022-01-11T22:10:12.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41767 (GCVE-0-2021-41767)

    Vulnerability from nvd – Published: 2022-01-11 22:10 – Updated: 2024-08-04 03:15
    VLAI
    Title
    Private tunnel identifier may be included in the non-private details of active connections
    Summary
    Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.
    Severity
    No CVSS data available.
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: unspecified , ≤ 1.3.0 (custom)
    Create a notification for this product.
    Credits
    We would like to thank Damian Velardo (Australia and New Zealand Banking Group) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:15:29.360Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro"
              },
              {
                "name": "[oss-security] 20220111 [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "1.3.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "We would like to thank Damian Velardo (Australia and New Zealand Banking Group) for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user\u0027s active use of that same connection."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "other": "moderate"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-12T00:06:13.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro"
            },
            {
              "name": "[oss-security] 20220111 [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Private tunnel identifier may be included in the non-private details of active connections",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2021-41767",
              "STATE": "PUBLIC",
              "TITLE": "Private tunnel identifier may be included in the non-private details of active connections"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Guacamole",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "We would like to thank Damian Velardo (Australia and New Zealand Banking Group) for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user\u0027s active use of that same connection."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": [
              {
                "other": "moderate"
              }
            ],
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro"
                },
                {
                  "name": "[oss-security] 20220111 [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-41767",
        "datePublished": "2022-01-11T22:10:11.000Z",
        "dateReserved": "2021-09-28T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:15:29.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1340 (GCVE-0-2018-1340)

    Vulnerability from nvd – Published: 2019-02-07 22:00 – Updated: 2024-09-16 19:20
    VLAI
    Summary
    Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.
    Severity
    No CVSS data available.
    CWE
    • Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: Apache Guacamole 0.9.4 to 0.9.14
    Create a notification for this product.
    Date Public
    2019-01-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:59:39.052Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E"
              },
              {
                "name": "106768",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106768"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Apache Guacamole 0.9.4 to 0.9.14"
                }
              ]
            }
          ],
          "datePublic": "2019-01-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-09T10:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E"
            },
            {
              "name": "106768",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106768"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2019-01-23T00:00:00",
              "ID": "CVE-2018-1340",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Guacamole",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Apache Guacamole 0.9.4 to 0.9.14"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E"
                },
                {
                  "name": "106768",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106768"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2018-1340",
        "datePublished": "2019-02-07T22:00:00.000Z",
        "dateReserved": "2017-12-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:20:49.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3158 (GCVE-0-2017-3158)

    Vulnerability from nvd – Published: 2018-01-18 20:00 – Updated: 2024-09-16 16:37
    VLAI
    Summary
    A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: Apache Guacamole 0.9.5 to 0.9.10-incubating
    Create a notification for this product.
    Date Public
    2018-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.246Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65%40%3Cuser.guacamole.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Apache Guacamole 0.9.5 to 0.9.10-incubating"
                }
              ]
            }
          ],
          "datePublic": "2018-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition in Guacamole\u0027s terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-18T19:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65%40%3Cuser.guacamole.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2018-01-15T00:00:00",
              "ID": "CVE-2017-3158",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Guacamole",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Apache Guacamole 0.9.5 to 0.9.10-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A race condition in Guacamole\u0027s terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65@%3Cuser.guacamole.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65@%3Cuser.guacamole.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-3158",
        "datePublished": "2018-01-18T20:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:37:33.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-35164 (GCVE-0-2024-35164)

    Vulnerability from cvelistv5 – Published: 2025-07-02 11:23 – Updated: 2026-02-26 18:28
    VLAI
    Title
    Apache Guacamole: Improper input validation of console codes
    Summary
    The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.6.0, which fixes this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-129 - Improper Validation of Array Index
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: 0.8.0 , ≤ 1.5.5 (semver)
    Create a notification for this product.
    Credits
    Tizian Seehaus (Tibotix)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-35164",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-03T03:55:33.220907Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-26T18:28:01.214Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T21:08:36.862Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2025/07/01/2"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.5",
                  "status": "affected",
                  "version": "0.8.0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Tizian Seehaus (Tibotix)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eThe terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed\nwith the privileges of the running guacd process.\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eUsers are recommended to upgrade to version 1.6.0, which fixes this issue.\u003c/div\u003e"
                }
              ],
              "value": "The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed\nwith the privileges of the running guacd process.\n\n\n\n\nUsers are recommended to upgrade to version 1.6.0, which fixes this issue."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "other": {
                "content": {
                  "text": "moderate"
                },
                "type": "Textual description of severity"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-129",
                  "description": "CWE-129 Improper Validation of Array Index",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-02T11:23:22.750Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/sgs8lplbkrpvd3hrvcnnxh3028h4py70"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2024-05-04T13:09:00.000Z",
              "value": "Reported to security@guacamole.apache.org"
            },
            {
              "lang": "en",
              "time": "2024-05-04T22:48:00.000Z",
              "value": "Report acknowledged by project"
            },
            {
              "lang": "en",
              "time": "2024-05-10T07:44:00.000Z",
              "value": "Report confirmed by project"
            }
          ],
          "title": "Apache Guacamole: Improper input validation of console codes",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2024-35164",
        "datePublished": "2025-07-02T11:23:22.750Z",
        "dateReserved": "2024-05-10T07:46:23.307Z",
        "dateUpdated": "2026-02-26T18:28:01.214Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-43826 (GCVE-0-2023-43826)

    Vulnerability from cvelistv5 – Published: 2023-12-19 19:50 – Updated: 2026-02-25 17:51
    VLAI
    Title
    Apache Guacamole: Integer overflow in handling of VNC image buffers
    Summary
    Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-190 - Integer Overflow or Wraparound
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: 0 , ≤ 1.5.3 (semver)
    Create a notification for this product.
    Credits
    Joseph Surin (Elttam) Matt Jones (Elttam)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T19:52:11.339Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2023/12/19/4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-43826",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-21T03:55:15.865919Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-25T17:51:44.807Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Joseph Surin (Elttam)"
            },
            {
              "lang": "en",
              "type": "reporter",
              "value": "Matt Jones (Elttam)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003eApache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\u003c/div\u003e"
                }
              ],
              "value": "Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "text": "important"
                },
                "type": "Textual description of severity"
              }
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "A malicious Guacamole user has managed to compromise a VNC server to which they have already been granted access by a Guacamole administrator."
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "An attacker does not necessarily have any access to Guacamole, but has managed to compromise a VNC server that some other Guacamole user may access."
                },
                {
                  "lang": "en",
                  "value": "An attacker does not necessarily have any access to Guacamole, but has managed to convince a Guacamole administrator to provide at least one Guacamole user with access to a malicious VNC server through social engineering."
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 0,
                "baseSeverity": "NONE",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "An attacker has sufficient privileges within Guacamole to create their own connections, and configures Guacamole to connect to a malicious/compromised VNC server."
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-190",
                  "description": "CWE-190 Integer Overflow or Wraparound",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-19T19:55:08.322Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6"
            },
            {
              "url": "http://www.openwall.com/lists/oss-security/2023/12/19/4"
            }
          ],
          "source": {
            "defect": [
              "GUACAMOLE-1867"
            ],
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-09-22T03:08:00.000Z",
              "value": "Reported to security@guacamole.apache.org"
            },
            {
              "lang": "en",
              "time": "2023-09-22T16:44:00.000Z",
              "value": "Report acknowledged by project"
            },
            {
              "lang": "en",
              "time": "2023-09-22T21:42:00.000Z",
              "value": "Report confirmed by project"
            },
            {
              "lang": "en",
              "time": "2023-10-26T17:36:00.000Z",
              "value": "Fix completed and merged"
            },
            {
              "lang": "en",
              "time": "2023-10-27T00:15:00.000Z",
              "value": "Fix tested and confirmed by reporter"
            },
            {
              "lang": "en",
              "time": "2023-12-08T01:00:00.000Z",
              "value": "Fix released"
            }
          ],
          "title": "Apache Guacamole: Integer overflow in handling of VNC image buffers",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2023-43826",
        "datePublished": "2023-12-19T19:50:15.188Z",
        "dateReserved": "2023-09-25T04:00:57.264Z",
        "dateUpdated": "2026-02-25T17:51:44.807Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-30576 (GCVE-0-2023-30576)

    Vulnerability from cvelistv5 – Published: 2023-06-07 08:06 – Updated: 2024-10-10 14:43
    VLAI
    Title
    Apache Guacamole: Use-after-free in handling of RDP audio input buffer
    Summary
    Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: 0.9.10 , ≤ 1.5.1 (semver)
    Create a notification for this product.
    apache guacamole Affected: 0.9.10 , ≤ 1.5.1 (custom)
        cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Stefan Schiller (Sonar)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:28:52.009Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "guacamole",
                "vendor": "apache",
                "versions": [
                  {
                    "lessThanOrEqual": "1.5.1",
                    "status": "affected",
                    "version": "0.9.10",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30576",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-10T14:40:13.451018Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-10T14:43:27.765Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0.9.10",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Stefan Schiller (Sonar)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-416",
                  "description": "CWE-416 Use After Free",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-07T08:06:54.840Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-11T12:51:00.000Z",
              "value": "Reported to security@guacamole.apache.org"
            },
            {
              "lang": "en",
              "time": "2023-04-11T13:07:00.000Z",
              "value": "Report acknowledged by project"
            },
            {
              "lang": "en",
              "time": "2023-04-11T17:46:00.000Z",
              "value": "Report confirmed by project"
            },
            {
              "lang": "en",
              "time": "2023-05-08T20:01:00.000Z",
              "value": "Fix completed and merged"
            },
            {
              "lang": "en",
              "time": "2023-05-09T08:32:00.000Z",
              "value": "Fix tested and confirmed by reporter"
            },
            {
              "lang": "en",
              "time": "2023-05-25T03:19:00.000Z",
              "value": "Fix released"
            }
          ],
          "title": "Apache Guacamole: Use-after-free in handling of RDP audio input buffer",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2023-30576",
        "datePublished": "2023-06-07T08:06:54.840Z",
        "dateReserved": "2023-04-12T20:55:56.105Z",
        "dateUpdated": "2024-10-10T14:43:27.765Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-30575 (GCVE-0-2023-30575)

    Vulnerability from cvelistv5 – Published: 2023-06-07 08:06 – Updated: 2024-10-10 14:39
    VLAI
    Title
    Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths
    Summary
    Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-131 - Incorrect Calculation of Buffer Size
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: 0 , ≤ 1.5.1 (semver)
    Create a notification for this product.
    Credits
    Stefan Schiller (Sonar)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:28:51.955Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-30575",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-10T14:39:18.400824Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-10T14:39:33.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "1.5.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Stefan Schiller (Sonar)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.\u003cbr\u003e\u003cbr\u003e"
                }
              ],
              "value": "Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-131",
                  "description": "CWE-131 Incorrect Calculation of Buffer Size",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-06-15T07:28:16.579Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.apache.org/thread/tn63n2lon0h5p45oft834t1dqvvxownv"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2023-04-11T14:51:00.000Z",
              "value": "Reported to security@guacamole.apache.org"
            },
            {
              "lang": "en",
              "time": "2023-04-11T15:07:00.000Z",
              "value": "Report acknowledged by project"
            },
            {
              "lang": "en",
              "time": "2023-04-11T19:46:00.000Z",
              "value": "Report confirmed by project"
            },
            {
              "lang": "en",
              "time": "2023-05-08T22:01:00.000Z",
              "value": "Fix completed and merged"
            },
            {
              "lang": "en",
              "time": "2023-05-09T10:32:00.000Z",
              "value": "Fix tested and confirmed by reporter"
            },
            {
              "lang": "en",
              "time": "2023-05-25T05:19:00.000Z",
              "value": "Fix released"
            }
          ],
          "title": "Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2023-30575",
        "datePublished": "2023-06-07T08:06:36.061Z",
        "dateReserved": "2023-04-12T20:53:54.616Z",
        "dateUpdated": "2024-10-10T14:39:33.936Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-43999 (GCVE-0-2021-43999)

    Vulnerability from cvelistv5 – Published: 2022-01-11 22:10 – Updated: 2024-08-04 04:10
    VLAI
    Title
    Improper validation of SAML responses
    Summary
    Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.
    Severity
    No CVSS data available.
    CWE
    • CWE-287 - Improper Authentication
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: 1.3.0
    Affected: 1.2.0
    Create a notification for this product.
    Credits
    We would like to thank Finn Steglich (ETAS) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T04:10:17.191Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
              },
              {
                "name": "[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.3.0"
                },
                {
                  "status": "affected",
                  "version": "1.2.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "We would like to thank Finn Steglich (ETAS) for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "other": "high"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "CWE-287 Improper Authentication",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-12T00:06:11.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
            },
            {
              "name": "[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Improper validation of SAML responses",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2021-43999",
              "STATE": "PUBLIC",
              "TITLE": "Improper validation of SAML responses"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Guacamole",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "1.3.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "1.2.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "We would like to thank Finn Steglich (ETAS) for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": [
              {
                "other": "high"
              }
            ],
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-287 Improper Authentication"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread/4dt9h5mo4o9rxlgxm3rp8wfqdtdjn2z9"
                },
                {
                  "name": "[oss-security] 20220111 [SECURITY] CVE-2021-43999: Apache Guacamole: Improper validation of SAML responses",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/01/11/7"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-43999",
        "datePublished": "2022-01-11T22:10:12.000Z",
        "dateReserved": "2021-11-18T00:00:00.000Z",
        "dateUpdated": "2024-08-04T04:10:17.191Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-41767 (GCVE-0-2021-41767)

    Vulnerability from cvelistv5 – Published: 2022-01-11 22:10 – Updated: 2024-08-04 03:15
    VLAI
    Title
    Private tunnel identifier may be included in the non-private details of active connections
    Summary
    Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.
    Severity
    No CVSS data available.
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: unspecified , ≤ 1.3.0 (custom)
    Create a notification for this product.
    Credits
    We would like to thank Damian Velardo (Australia and New Zealand Banking Group) for reporting this issue.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T03:15:29.360Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro"
              },
              {
                "name": "[oss-security] 20220111 [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "lessThanOrEqual": "1.3.0",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "We would like to thank Damian Velardo (Australia and New Zealand Banking Group) for reporting this issue."
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user\u0027s active use of that same connection."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "other": "moderate"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-01-12T00:06:13.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro"
            },
            {
              "name": "[oss-security] 20220111 [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Private tunnel identifier may be included in the non-private details of active connections",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "ID": "CVE-2021-41767",
              "STATE": "PUBLIC",
              "TITLE": "Private tunnel identifier may be included in the non-private details of active connections"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Guacamole",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_value": "1.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "We would like to thank Damian Velardo (Australia and New Zealand Banking Group) for reporting this issue."
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user\u0027s active use of that same connection."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": [
              {
                "other": "moderate"
              }
            ],
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread/5l31k4jmzdsfz0xt8osrbl878gb3b7ro"
                },
                {
                  "name": "[oss-security] 20220111 [SECURITY] CVE-2021-41767: Apache Guacamole: Private tunnel identifier may be included in the non-private details of active connections",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2022/01/11/6"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-41767",
        "datePublished": "2022-01-11T22:10:11.000Z",
        "dateReserved": "2021-09-28T00:00:00.000Z",
        "dateUpdated": "2024-08-04T03:15:29.360Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-1340 (GCVE-0-2018-1340)

    Vulnerability from cvelistv5 – Published: 2019-02-07 22:00 – Updated: 2024-09-16 19:20
    VLAI
    Summary
    Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.
    Severity
    No CVSS data available.
    CWE
    • Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: Apache Guacamole 0.9.4 to 0.9.14
    Create a notification for this product.
    Date Public
    2019-01-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T03:59:39.052Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E"
              },
              {
                "name": "106768",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106768"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Apache Guacamole 0.9.4 to 0.9.14"
                }
              ]
            }
          ],
          "datePublic": "2019-01-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-09T10:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979%40%3Cannounce.guacamole.apache.org%3E"
            },
            {
              "name": "106768",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106768"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2019-01-23T00:00:00",
              "ID": "CVE-2018-1340",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Guacamole",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Apache Guacamole 0.9.4 to 0.9.14"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user\u0027s session token. This cookie lacked the \"secure\" flag, which could allow an attacker eavesdropping on the network to intercept the user\u0027s session token if unencrypted HTTP requests are made to the same domain."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Sensitive Cookie in HTTPS Session Without \u0027Secure\u0027 Attribute"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/af1632e13dd9acf7537546660cae9143cbb10fdd2f9bb0832a690979@%3Cannounce.guacamole.apache.org%3E"
                },
                {
                  "name": "106768",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106768"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2018-1340",
        "datePublished": "2019-02-07T22:00:00.000Z",
        "dateReserved": "2017-12-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:20:49.021Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-3158 (GCVE-0-2017-3158)

    Vulnerability from cvelistv5 – Published: 2018-01-18 20:00 – Updated: 2024-09-16 16:37
    VLAI
    Summary
    A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    References
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Guacamole Affected: Apache Guacamole 0.9.5 to 0.9.10-incubating
    Create a notification for this product.
    Date Public
    2018-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T14:16:28.246Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65%40%3Cuser.guacamole.apache.org%3E"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Guacamole",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Apache Guacamole 0.9.5 to 0.9.10-incubating"
                }
              ]
            }
          ],
          "datePublic": "2018-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A race condition in Guacamole\u0027s terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-18T19:57:01.000Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65%40%3Cuser.guacamole.apache.org%3E"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "security@apache.org",
              "DATE_PUBLIC": "2018-01-15T00:00:00",
              "ID": "CVE-2017-3158",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Apache Guacamole",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Apache Guacamole 0.9.5 to 0.9.10-incubating"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Apache Software Foundation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A race condition in Guacamole\u0027s terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Buffer Overflow"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65@%3Cuser.guacamole.apache.org%3E",
                  "refsource": "MISC",
                  "url": "https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65@%3Cuser.guacamole.apache.org%3E"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2017-3158",
        "datePublished": "2018-01-18T20:00:00.000Z",
        "dateReserved": "2016-12-05T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:37:33.486Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }