{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-43826", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-09-25T04:00:57.264Z", "datePublished": "2023-12-19T19:50:15.188Z", "dateUpdated": "2025-02-13T17:13:32.192Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Guacamole", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.5.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Joseph Surin (Elttam)"}, {"lang": "en", "type": "reporter", "value": "Matt Jones (Elttam)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.<br></div><div>Users are recommended to upgrade to version 1.5.4, which fixes this issue.</div>"}], "value": "Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue."}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "A malicious Guacamole user has managed to compromise a VNC server to which they have already been granted access by a Guacamole administrator."}]}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "An attacker does not necessarily have any access to Guacamole, but has managed to compromise a VNC server that some other Guacamole user may access."}, {"lang": "en", "value": "An attacker does not necessarily have any access to Guacamole, but has managed to convince a Guacamole administrator to provide at least one Guacamole user with access to a malicious VNC server through social engineering."}]}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 0, "baseSeverity": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE",
"privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "An attacker has sufficient privileges within Guacamole to create their own connections, and configures Guacamole to connect to a malicious/compromised VNC server."}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-12-19T19:55:08.322Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6"}, {"url": "http://www.openwall.com/lists/oss-security/2023/12/19/4"}], "source": {"defect": ["GUACAMOLE-1867"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2023-09-22T03:08:00.000Z", "value": "Reported to security@guacamole.apache.org"}, {"lang": "en", "time": "2023-09-22T16:44:00.000Z", "value": "Report acknowledged by project"}, {"lang": "en", "time": "2023-09-22T21:42:00.000Z", "value": "Report confirmed by project"}, {"lang": "en", "time": "2023-10-26T17:36:00.000Z", "value": "Fix completed and merged"}, {"lang": "en", "time": "2023-10-27T00:15:00.000Z", "value": "Fix tested and confirmed by reporter"}, {"lang": "en", "time": "2023-12-08T01:00:00.000Z", "value": "Fix released"}], "title": "Apache Guacamole: Integer overflow in handling of VNC image buffers", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.339Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6"}, {"url": 
"http://www.openwall.com/lists/oss-security/2023/12/19/4", "tags": ["x_transferred"]}]}]}}