CVE-2012-4415

Published Oct 1, 2012

Last updated 12 years ago

Overview

Description: Stack-based buffer overflow in the guac_client_plugin_open function in libguac in Guacamole before 0.6.3 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name.
Source: secalert@redhat.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:guac-dev:guacamole:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44F8F329-B9F7-4975-8085-A78324B5E4D3",
            "versionEndIncluding": "0.6.2"
          },
          {
            "criteria": "cpe:2.3:a:guac-dev:guacamole:0.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2975DDA-FA03-4924-87EF-9609E1D6D237"
          },
          {
            "criteria": "cpe:2.3:a:guac-dev:guacamole:0.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24EA5D53-650C-46C1-8563-A406D5BB7EB5"
          },
          {
            "criteria": "cpe:2.3:a:guac-dev:guacamole:0.6.3:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1FAA0416-AE7E-4662-BC18-1EA0893F561D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References