Apache Guacamole

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow

CVE-2023-43826 8.8 - High - December 19, 2023

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue.

Integer Overflow or Wraparound

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer

CVE-2023-30576 8.1 - High - June 07, 2023

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.

Dangling pointer

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially

CVE-2023-30575 7.5 - High - June 07, 2023

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole instructions during the handshake through specially-crafted data.

Incorrect Calculation of Buffer Size

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider

CVE-2021-43999 8.8 - High - January 11, 2022

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider. If SAML support is enabled, this may allow a malicious user to assume the identity of another Guacamole user.

authentification

Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses

CVE-2021-41767 6.5 - Medium - January 11, 2022

Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses. This may allow an authenticated user who already has permission to access a particular connection to read from or interact with another user's active use of that same connection.

Information Disclosure

curl 7.7 through 7.76.1 suffers

CVE-2021-22898 3.1 - Low - June 11, 2021

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.

Missing Initialization of Resource

Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility

CVE-2020-11997 4.3 - Medium - January 19, 2021

Apache Guacamole 1.2.0 and earlier do not consistently restrict access to connection history based on user visibility. If multiple users share access to the same connection, those users may be able to see which other users have accessed that connection, as well as the IP addresses from which that connection was accessed, even if those users do not otherwise have permission to see other users.

Incorrect Default Permissions

Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels

CVE-2020-9497 4.4 - Medium - July 02, 2020

Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection.

Information Disclosure

Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels

CVE-2020-9498 6.7 - Medium - July 02, 2020

Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process.

Buffer Overflow

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW

CVE-2019-19603 7.5 - High - December 09, 2019

SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent VIEW, leading to an application crash.

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token

CVE-2018-1340 7.5 - High - February 07, 2019

Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to intercept the user's session token if unencrypted HTTP requests are made to the same domain.

Missing Encryption of Sensitive Data

Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users

CVE-2016-1566 5.4 - Medium - February 02, 2017

Cross-site scripting (XSS) vulnerability in the file browser in Guacamole 0.9.8 and 0.9.9, when file transfer is enabled to a location shared by multiple users, allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename. NOTE: this vulnerability was fixed in guacamole.war on 2016-01-13, but the version number was not changed.

XSS