CVE-2023-43826 - OpenCVE

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Guacamole

Configuration 1 [-]

cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2023/12/19/4
https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-12-19T19:50:15.188Z

Updated: 2024-08-02T19:52:11.339Z

Reserved: 2023-09-25T04:00:57.264Z

Link: CVE-2023-43826

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-12-19T20:15:08.300

Modified: 2023-12-22T20:45:28.967

Link: CVE-2023-43826

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-43826", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-09-25T04:00:57.264Z", "datePublished": "2023-12-19T19:50:15.188Z", "dateUpdated": "2024-08-02T19:52:11.339Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Guacamole", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.5.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Joseph Surin (Elttam)"}, {"lang": "en", "type": "reporter", "value": "Matt Jones (Elttam)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.<br></div><div>Users are recommended to upgrade to version 1.5.4, which fixes this issue.</div>"}], "value": "Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\n\n"}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "A malicious Guacamole user has managed to compromise a VNC server to which they have already been granted access by a Guacamole administrator."}]}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "An attacker does not necessarily have any access to Guacamole, but has managed to compromise a VNC server that some other Guacamole user may access."}, {"lang": "en", "value": "An attacker does not necessarily have any access to Guacamole, but has managed to convince a Guacamole administrator to provide at least one Guacamole user with access to a malicious VNC server through social engineering."}]}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 0, "baseSeverity": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "An attacker has sufficient privileges within Guacamole to create their own connections, and configures Guacamole to connect to a malicious/compromised VNC server."}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-12-19T19:50:15.188Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6"}, {"url": "http://www.openwall.com/lists/oss-security/2023/12/19/4"}], "source": {"defect": ["GUACAMOLE-1867"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2023-09-22T03:08:00.000Z", "value": "Reported to security@guacamole.apache.org"}, {"lang": "en", "time": "2023-09-22T16:44:00.000Z", "value": "Report acknowledged by project"}, {"lang": "en", "time": "2023-09-22T21:42:00.000Z", "value": "Report confirmed by project"}, {"lang": "en", "time": "2023-10-26T17:36:00.000Z", "value": "Fix completed and merged"}, {"lang": "en", "time": "2023-10-27T00:15:00.000Z", "value": "Fix tested and confirmed by reporter"}, {"lang": "en", "time": "2023-12-08T01:00:00.000Z", "value": "Fix released"}], "title": "Apache Guacamole: Integer overflow in handling of VNC image buffers", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T19:52:11.339Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6"}, {"url": "http://www.openwall.com/lists/oss-security/2023/12/19/4", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCF38330-2A18-4595-BDB4-0789A9F4BD2C", "versionEndIncluding": "1.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\n\n"}, {"lang": "es", "value": "Apache Guacamole 1.5.3 y anteriores no garantizan sistem\u00e1ticamente que los valores recibidos de un servidor VNC no produzcan un desbordamiento de enteros. Si un usuario se conecta a un servidor VNC malicioso o comprometido, los datos especialmente manipulados podr\u00edan da\u00f1ar la memoria, permitiendo posiblemente que se ejecute c\u00f3digo arbitrario con los privilegios del proceso guacd en ejecuci\u00f3n. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.5.4, que soluciona este problema."}], "id": "CVE-2023-43826", "lastModified": "2023-12-22T20:45:28.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security@apache.org", "type": "Secondary"}]}, "published": "2023-12-19T20:15:08.300", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/4"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "security@apache.org", "type": "Primary"}]}