UBUNTU-CVE-2023-43826

Source
https://ubuntu.com/security/CVE-2023-43826
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-43826.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-43826
Published
2023-12-19T20:15:00Z
Modified
2025-01-13T10:24:24Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue.

Affected packages

Ubuntu:Pro:16.04:LTS / guacamole-client

Package

Name
guacamole-client
Purl
pkg:deb/ubuntu/guacamole-client@0.8.3-1.2?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*

0.8.3-1.1
0.8.3-1.2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / guacamole-client

Package

Name
guacamole-client
Purl
pkg:deb/ubuntu/guacamole-client@0.9.9+dfsg-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

0.*

0.9.9+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}