CVE-2017-3158

Published Jan 18, 2018

Last updated a year ago

Overview

Description
A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer.
Source
security@apache.org
NVD status
Modified

Risk scores

CVSS 3.0

Type
Primary
Base score
8.1
Impact score
5.9
Exploitability score
2.2
Vector string
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 2.0

Type
Primary
Base score
6.8
Impact score
6.4
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov
CWE-362

Social media

Hype score
Not currently trending

Configurations