PT-2023-29003 · Apache · Apache Guacamole
Elttam
Published: 2023-12-19 · Updated: 2025-01-29
CVE-2023-43826
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Apache Guacamole versions 1.5.3 and older
Description
The issue arises from inconsistent handling of values received from a VNC server, which can lead to an integer overflow. If a user connects to a malicious or compromised VNC server, specially crafted data from that server can corrupt memory, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Approximately 29,620 results were found, located mainly in the United States, Germany, and other countries.
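To make the vulnerability class concrete, the following is an added illustration (not Guacamole's code, and not the actual defect in CVE-2023-43826): a client parses a rectangle header whose width, height and bytes-per-pixel are supplied by the server, and computes the buffer size it needs. The field names, the `rect_hdr` structure and the 64 MiB cap are constructed for this example. The unchecked multiplication wraps for server-chosen values, so a tiny allocation is followed by a huge copy; the checked variant validates each field, detects overflow before multiplying, and enforces an application-level bound.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed, hypothetical rectangle header as a VNC-style server might
 * send it. This is not Guacamole's own structure. */
struct rect_hdr {
    uint16_t width;
    uint16_t height;
    uint8_t  bpp;   /* bytes per pixel, as claimed by the server */
};

/* Largest rectangle payload this client is willing to buffer (constructed). */
#define MAX_RECT_BYTES (64u * 1024u * 1024u)

/* Overflow-prone pattern: the size is computed in 32-bit arithmetic with no
 * range checks. For width = height = 32768 and bpp = 4 the product is
 * exactly 2^32 and wraps to 0, so a later "allocate size, then copy
 * width*height*bpp bytes" sequence writes far past the allocation. */
uint32_t unchecked_rect_bytes(const struct rect_hdr *h)
{
    uint32_t w = h->width;
    uint32_t ht = h->height;
    return w * ht * h->bpp;   /* unsigned wrap modulo 2^32 */
}

/* Hardened variant: reject zero dimensions and unexpected pixel formats,
 * check each multiplication against SIZE_MAX before performing it, and
 * apply a policy cap. Returns false and leaves *out untouched when the
 * header cannot be trusted. */
bool checked_rect_bytes(const struct rect_hdr *h, size_t *out)
{
    if (h->width == 0 || h->height == 0)
        return false;
    if (h->bpp != 1 && h->bpp != 2 && h->bpp != 4)
        return false;

    if ((size_t)h->width > SIZE_MAX / h->height)
        return false;                       /* width * height would overflow */
    size_t pixels = (size_t)h->width * h->height;

    if (pixels > SIZE_MAX / h->bpp)
        return false;                       /* pixels * bpp would overflow */
    size_t bytes = pixels * h->bpp;

    if (bytes > MAX_RECT_BYTES)
        return false;                       /* within range, but over policy */

    *out = bytes;
    return true;
}

/* Accept a rectangle only if the header-derived size is valid AND matches
 * the number of payload bytes the server actually announced. */
bool accept_rect(const struct rect_hdr *h, size_t payload_len)
{
    size_t expected;
    if (!checked_rect_bytes(h, &expected))
        return false;
    return expected == payload_len;
}

int main(void)
{
    /* Constructed inputs: one wrapping header, one benign 640x480 header. */
    struct rect_hdr evil = { 32768, 32768, 4 };
    struct rect_hdr ok   = { 640, 480, 4 };
    size_t n = 0;

    printf("unchecked size for 32768x32768x4: %u bytes\n",
           unchecked_rect_bytes(&evil));                  /* prints 0 */
    printf("checked accepts 32768x32768x4: %s\n",
           checked_rect_bytes(&evil, &n) ? "yes" : "no"); /* prints no */
    printf("checked accepts 640x480x4: %s (%zu bytes)\n",
           checked_rect_bytes(&ok, &n) ? "yes" : "no", n); /* yes, 1228800 */
    return 0;
}
```

The design point is that every arithmetic step on server-controlled values is bounds-checked before it happens, and the result is compared against a policy limit the client chooses rather than against whatever the server claims; when reviewing a protocol parser for this class of bug, look for any size derived from peer-supplied fields that reaches an allocator or a copy without such a check.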
Recommendations
For Apache Guacamole versions 1.5.3 and older, upgrade to version 1.5.4, which fixes this issue. As a temporary workaround, restrict which VNC servers Guacamole connections may reach, so as to minimize the risk of exploitation, and avoid connecting to potentially malicious or compromised VNC servers until the upgrade is applied.
Weakness Enumeration
Integer Overflow
Affected Products
Alt Linux
Apache Guacamole