CVE-2023-43826
CVSS V2 None
CVSS V3 None
Description
Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.
Users are recommended to upgrade to version 1.5.4, which fixes this issue.
Overview
- CVE ID
- CVE-2023-43826
- Assigner
- apache
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-12-19T19:50:15.188Z
- Last Modified Date
- 2023-12-19T19:50:15.188Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6 | vendor-advisory |
| http://www.openwall.com/lists/oss-security/2023/12/19/4 |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-43826 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43826 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 16:00:48 | Added to TrackCVE |