PT-2023-22797 · Apache+1 · Apache Guacamole+1

Stefan Schiller · Published 2023-06-07 · Updated 2025-01-29 · CVE-2023-30576

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Apache Guacamole versions 0.9.10 through 1.5.1

Description

Apache Guacamole may continue to reference a freed RDP audio input buffer. Depending on timing, the issue allows an attacker to execute arbitrary code with the privileges of the guacd process.

Recommendations

For Apache Guacamole versions 0.9.10 through 1.5.1, update to a version that fixes the reference to freed RDP audio input buffers, preventing arbitrary code execution with the privileges of the guacd process.

Fix

Weakness Enumeration

Use After Free

Related Identifiers

ALT-PU-2023-5017
ALT-PU-2023-5018
ALT-PU-2024-16343
ALT-PU-2024-6761
ALT-PU-2024-8914
ALT-PU-2024-8918
ALT-PU-2025-2021
BIT-GUACAMOLE-2023-30576
BIT-GUACAMOLE-SERVER-2023-30576
CVE-2023-30576

Affected Products

Alt Linux
Apache Guacamole