CVE-2017-3158
Apache Guacamole Race Condition vulnerability
8.1
HIGH
CVSS 3.1
EPSS 0.69%
Description
A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer.
How to fix CVE-2017-3158
To remediate CVE-2017-3158, upgrade the affected package to a fixed version listed below.
- Upgrade to 0.9.11-incubating or later
Is CVE-2017-3158 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 0.9.5, < 0.9.11-incubating
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.1 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |