Published: 18/01/2018 Updated: 05/02/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A race condition in Guacamole's terminal emulator in versions 0.9.5 up to and including 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer.

Vulnerable Product

apache guacamole

apache guacamole 0.9.10-incubating

Vendor Advisories

Debian Bug report logs - #891798
guacamole-client: CVE-2017-3158 race can cause buffer overflow
Package: src:guacamole-client; Maintainer for src:guacamole-client is Debian Remote Maintainers <pkg-remote-team@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 28 Feb 2018 22:21:05 UTC ...