Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process.
References
Configurations
History
07 Nov 2023, 03:26
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-787 |
29 Mar 2021, 19:38
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/r1125f3044a0946d1e7e6f125a6170b58d413ebd4a95157e4608041c7@%3Cannounce.apache.org%3E - Mailing List, Vendor Advisory |
24 Feb 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
28 Jan 2021, 22:30
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/11/msg00010.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVV5K2X4EXSAVUUL7IJ3MUJ3ADWMVSBM/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNS7UHBOFV6JHWH5XOEZTE3BREGRSSQ3/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922@%3Cannounce.apache.org%3E - Mailing List, Third Party Advisory |
26 Jan 2021, 18:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Jan 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-07-02 13:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-9498
Mitre link : CVE-2020-9498
CVE.ORG link : CVE-2020-9498
JSON object : View
Products Affected
apache
- guacamole
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-787
Out-of-bounds Write