Apache Guacamole: Integer overflow in handling of VNC image buffers

Apache Guacamole 1.5.3 and older do not consistently ensure that values received from a VNC server will not result in integer overflow. If a user connects to a malicious or compromised VNC server, specially-crafted data could result in memory corruption, possibly allowing arbitrary code to be executed with the privileges of the running guacd process. Users are recommended to upgrade to version 1.5.4, which fixes this issue.

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N

整数溢出或超界折返

Apache Guacamole 输入验证错误漏洞

Apache Guacamole是美国阿帕奇（Apache）基金会的一款无客户端的远程桌面网关。该产品支持VNC、RDP和SSH等协议。 Apache Guacamole 1.5.3 及之前版本存在输入验证错误漏洞，该漏洞源于如果用户连接到恶意或受损的 VNC 服务器，特制数据可能会导致内存损坏，并导致以正在运行的 guacd 进程的权限执行任意代码。

N/A

N/A