CVE-2023-30575: Apache Guacamole: Incorrect calculation of Guacamole protocol element lengths
First published: Wed Jun 07 2023(Updated: )
Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.
Credit: security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache Guacamole | <1.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this Apache Guacamole vulnerability?
The vulnerability ID for this Apache Guacamole vulnerability is CVE-2023-30575.
What is the severity of CVE-2023-30575?
The severity of CVE-2023-30575 is high with a score of 7.5.
How does Apache Guacamole 1.5.1 and older handle instruction elements during the handshake?
Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the handshake.
What is the potential impact of this vulnerability?
This vulnerability could allow an attacker to inject Guacamole instructions during the handshake through specially-crafted data.
Is there a fix for this vulnerability?
Yes, the fix is available in Apache Guacamole version 1.5.2 and newer.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/references
- agent/severity
- agent/title
- agent/weakness
- agent/tags
- agent/event
- agent/first-publish-date
- agent/description
- vendor/apache
- canonical/apache guacamole