oss-sec mailing list archives

[SECURITY] CVE-2023-30576: Apache Guacamole: Use-after-free in handling of RDP audio input buffer


From: Michael Jumper <mjumper () apache org>
Date: Tue, 6 Jun 2023 10:12:29 -0700

Severity: moderate
Base CVSS Score: 6.8 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N)

Affected versions:

- Apache Guacamole 0.9.10 through 1.5.1

Description:

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.

Mitigation:

Users of versions of Apache Guacamole 1.5.1 and older should upgrade to the 1.5.2 release.

Credit:

We would like to thank Stefan Schiller (Sonar) for reporting this issue.

References:

https://guacamole.apache.org/
https://www.cve.org/CVERecord?id=CVE-2023-30576

Timeline:

2023-04-11: Reported to security () guacamole apache org
2023-04-11: Report acknowledged by project
2023-04-12: Report confirmed by project
2023-05-09: Fix completed and merged
2023-05-09: Fix tested and confirmed by reporter
2023-05-25: Fix released
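
A version check for the range given in the advisory above, as an added example that is not part of the original message or of the Guacamole project: it classifies guacd version strings against 0.9.10 through 1.5.1. The host names and sample lines are constructed, and the version output format shown for guacd is an assumption.

```python
import re

# Range from the advisory: 0.9.10 through 1.5.1 affected, 1.5.2 fixed.
FIRST_AFFECTED = (0, 9, 10)
FIRST_FIXED = (1, 5, 2)

_VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) for the first x.y.z in text, else None."""
    match = _VERSION.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def classify(text):
    """Map a version string to a status for CVE-2023-30576."""
    version = parse_version(text)
    if version is None:
        return "unknown"            # unparseable: check the host by hand
    # Integer tuples compare numerically, so 0.9.9 sorts before 0.9.10
    # (a plain string comparison would order them the other way round).
    if version < FIRST_AFFECTED:
        return "outside-range"      # older than the range the advisory lists
    if version < FIRST_FIXED:
        # Upstream version is in range. A distribution package may carry a
        # backported fix, so confirm against the vendor's own advisory.
        return "affected"
    return "fixed"


def audit(inventory):
    """inventory: iterable of (host, version_output) -> {host: status}."""
    return {host: classify(output) for host, output in inventory}


# Constructed sample inventory (hypothetical hosts, assumed output format).
SAMPLE = [
    ("gw-a", "Guacamole proxy daemon (guacd) version 1.5.1"),
    ("gw-b", "Guacamole proxy daemon (guacd) version 1.5.2"),
    ("gw-c", "Guacamole proxy daemon (guacd) version 0.9.10"),
    ("gw-d", "Guacamole proxy daemon (guacd) version 0.9.9"),
    ("gw-e", "guacd: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```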

