PT-2023-22797 · Apache+1 · Apache Guacamole+1

Stefan Schiller · Published 2023-06-07 · Updated 2025-01-29 · CVE-2023-30576

CVSS v3.1

8.1 (High)

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache Guacamole versions 0.9.10 through 1.5.1

Description

Apache Guacamole may continue to reference a freed RDP audio input buffer. Depending on timing, this allows an attacker to execute arbitrary code with the privileges of the guacd process.

Recommendations

For Apache Guacamole versions 0.9.10 through 1.5.1, update to a version that fixes the reference to freed RDP audio input buffers, which prevents arbitrary code execution with the privileges of the guacd process.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2023-5017
ALT-PU-2023-5018
ALT-PU-2024-16343
ALT-PU-2024-6761
ALT-PU-2024-8914
ALT-PU-2024-8918
ALT-PU-2025-2021
BIT-GUACAMOLE-2023-30576
BIT-GUACAMOLE-SERVER-2023-30576
CVE-2023-30576

Affected Products

Alt Linux
Apache Guacamole