CVE-2017-3158

HIGH

Apache Guacamole 0.9.5-0.9.10-incubating - Buffer Overflow via Terminal Emulator Race Condition

Title source: llm

Description

A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer.

References (1)

Core 1

Core References

Mailing List x_refsource_misc

https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65%40%3Cuser.guacamole.apache.org%3E

Scores

CVSS v3 8.1

EPSS 0.0069

EPSS Percentile 72.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-362

Status published

Products (3)

apache/guacamole 0.9.10-incubating

apache/guacamole < 0.9.9

org.apache.guacamole/guacamole-common 0.9.5 - 0.9.11-incubatingMaven

Published Jan 18, 2018

Tracked Since Feb 18, 2026