CVE-2017-3158 – org.apache.guacamole:guacamole-common

Package

Manager: maven
Name: org.apache.guacamole:guacamole-common
Vulnerable Version: >=0.9.5 <0.9.11-incubating

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00687 pctl0.70831

Details

Apache Guacamole Race Condition vulnerability A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer.

Metadata

Created: 2022-05-14T03:46:14Z
Modified: 2022-11-08T23:02:35Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3vv3-585q-wv6x/GHSA-3vv3-585q-wv6x.json
CWE IDs: ["CWE-362"]
Alternative ID: GHSA-3vv3-585q-wv6x
Finding: F124
Auto approve: 1