Apache Guacamole 1.1.0 and older do not properly validate datareceived from RDP servers via static virtual channels. If a userconnects to a malicious or compromised RDP server, specially-craftedPDUs could result in disclosure of information within the memory ofthe guacd process handling the connection.
References
Configurations
History
07 Nov 2023, 03:26
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-20 |
29 Mar 2021, 19:37
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E - Mailing List, Vendor Advisory |
24 Feb 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Jan 2021, 22:29
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVV5K2X4EXSAVUUL7IJ3MUJ3ADWMVSBM/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E - Mailing List, Vendor Advisory |
26 Jan 2021, 18:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Jan 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-07-02 13:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-9497
Mitre link : CVE-2020-9497
CVE.ORG link : CVE-2020-9497
JSON object : View
Products Affected
fedoraproject
- fedora
debian
- debian_linux
apache
- guacamole
CWE
CWE-20
Improper Input Validation