PT-2020-20701 · Apache · Apache Guacamole

Eyal Itkin · Published 2020-07-02 · Updated 2024-03-06

CVE-2020-9497

CVSS v3.1: 4.4
Vector: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions:

Apache Guacamole versions 1.1.0 and older

Description:

The issue arises from improper validation of data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection.

Recommendations:

For Apache Guacamole versions 1.1.0 and older, consider updating to a version that properly validates data from RDP servers to prevent potential information disclosure. As a temporary workaround, restrict connections to trusted RDP servers to minimize the risk of exploitation.

Tags: Fix, RCE

Weakness Enumeration

Related Identifiers

BIT-GUACAMOLE-2020-9497
BIT-GUACAMOLE-SERVER-2020-9497
CVE-2020-9497
DLA-2435-1
MGASA-2021-0272

Affected Products

Apache Guacamole