CVE-2023-43826 - OpenCVE

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Guacamole

Configuration 1 [-]

cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2023/12/19/4	Mailing List Third Party Advisory
https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6	Mailing List Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2023-12-19T19:50:15.188Z

Updated: 2023-12-19T19:50:15.188Z

Reserved: 2023-09-25T04:00:57.264Z

Link: CVE-2023-43826

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-19T20:15:08.300

Modified: 2023-12-22T20:45:28.967

Link: CVE-2023-43826

JSON object: View

Redhat Information

No data.

CWE

CWE-190

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-43826", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-09-25T04:00:57.264Z", "datePublished": "2023-12-19T19:50:15.188Z", "dateUpdated": "2023-12-19T19:50:15.188Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Guacamole", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "1.5.3", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Joseph Surin (Elttam)"}, {"lang": "en", "type": "reporter", "value": "Matt Jones (Elttam)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.<br></div><div>Users are recommended to upgrade to version 1.5.4, which fixes this issue.</div>"}], "value": "Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\n\n"}], "metrics": [{"other": {"content": {"text": "important"}, "type": "Textual description of severity"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "A malicious Guacamole user has managed to compromise a VNC server to which they have already been granted access by a Guacamole administrator."}]}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "An attacker does not necessarily have any access to Guacamole, but has managed to compromise a VNC server that some other Guacamole user may access."}, {"lang": "en", "value": "An attacker does not necessarily have any access to Guacamole, but has managed to convince a Guacamole administrator to provide at least one Guacamole user with access to a malicious VNC server through social engineering."}]}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 0, "baseSeverity": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "An attacker has sufficient privileges within Guacamole to create their own connections, and configures Guacamole to connect to a malicious/compromised VNC server."}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-12-19T19:50:15.188Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6"}, {"url": "http://www.openwall.com/lists/oss-security/2023/12/19/4"}], "source": {"defect": ["GUACAMOLE-1867"], "discovery": "EXTERNAL"}, "timeline": [{"lang": "en", "time": "2023-09-22T03:08:00.000Z", "value": "Reported to security@guacamole.apache.org"}, {"lang": "en", "time": "2023-09-22T16:44:00.000Z", "value": "Report acknowledged by project"}, {"lang": "en", "time": "2023-09-22T21:42:00.000Z", "value": "Report confirmed by project"}, {"lang": "en", "time": "2023-10-26T17:36:00.000Z", "value": "Fix completed and merged"}, {"lang": "en", "time": "2023-10-27T00:15:00.000Z", "value": "Fix tested and confirmed by reporter"}, {"lang": "en", "time": "2023-12-08T01:00:00.000Z", "value": "Fix released"}], "title": "Apache Guacamole: Integer overflow in handling of VNC image buffers", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:guacamole:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCF38330-2A18-4595-BDB4-0789A9F4BD2C", "versionEndIncluding": "1.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process.\n\nUsers are recommended to upgrade to version 1.5.4, which fixes this issue.\n\n"}, {"lang": "es", "value": "Apache Guacamole 1.5.3 y anteriores no garantizan sistem\u00e1ticamente que los valores recibidos de un servidor VNC no produzcan un desbordamiento de enteros. Si un usuario se conecta a un servidor VNC malicioso o comprometido, los datos especialmente manipulados podr\u00edan da\u00f1ar la memoria, permitiendo posiblemente que se ejecute c\u00f3digo arbitrario con los privilegios del proceso guacd en ejecuci\u00f3n. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.5.4, que soluciona este problema."}], "id": "CVE-2023-43826", "lastModified": "2023-12-22T20:45:28.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security@apache.org", "type": "Secondary"}]}, "published": "2023-12-19T20:15:08.300", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/4"}, {"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/23gzwftpfgtq97tj6ttmbclry53kmwv6"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "security@apache.org", "type": "Primary"}]}