PT-2023-29003 · Apache+1 · Apache Guacamole+1
Elttam
+2
Published: 2023-12-19
Updated: 2025-01-29
CVE-2023-43826
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache Guacamole versions 1.5.3 and older
Description
The issue arises from inconsistent handling of values received from a VNC server, which can lead to integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Approximately 29,620 results are mainly distributed in the United States, Germany, and other countries.
Recommendations
For Apache Guacamole versions 1.5.3 and older, upgrade to version 1.5.4, which fixes this issue. As a temporary workaround, consider restricting access to the VNC server to minimize the risk of exploitation. Avoid using potentially malicious or compromised VNC servers until the issue is resolved.
Fix
Integer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Apache Guacamole