Skip to content
Sign up
Product
Features
Mobile
Actions
Codespaces
Copilot
Packages
Security
Code review
Issues
Integrations
GitHub Sponsors
Customer stories
Team
Enterprise
Explore
Explore GitHub
Learn and contribute
Topics
Collections
Trending
Skills
GitHub Sponsors
Open source guides
Connect with others
The ReadME Project
Events
Community forum
GitHub Education
GitHub Stars program
Marketplace
Pricing
Plans
Compare plans
Contact Sales
Education
In this repository
All GitHub
↵
Jump to
↵
No suggested jump to results
In this repository
All GitHub
↵
Jump to
↵
In this organization
All GitHub
↵
Jump to
↵
In this repository
All GitHub
↵
Jump to
↵
Sign in
Sign up
{{ message }}
apache
/
guacamole-website
Public
Notifications
Fork
87
Star
210
Code
Pull requests
1
Actions
Projects
0
Security
Insights
More
Code
Pull requests
Actions
Projects
Security
Insights
Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Document vulnerability
CVE-2020-9498
, fixed in 1.2.0.
Loading branch information
mike-jumper
committed
Jul 2, 2020
1 parent
f99ee68
commit
fe01175df779e8987a0ec354c47b575c4b86d637
Showing
1 changed file
with
15 additions
and
0 deletions
.
Split
Unified
There are no files selected for viewing
15
_security/CVE-2020-9498.md
Show comments
View file
Edit file
Delete file
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Show hidden characters
@@ -0,0 +1,15 @@
---
title
:
Dangling pointer in RDP static virtual channel handling
cve
:
CVE-2020-9498
fixed
:
1.2.0
---
Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing
data received via RDP static virtual channels. If a user connects to a
malicious or compromised RDP server, a series of specially-crafted PDUs could
result in memory corruption, possibly allowing arbitrary code to be executed
with the privileges of the running guacd process.
Acknowledgements: We would like to thank Eyal Itkin (Check Point Research) for
reporting this issue.
Toggle all file notes
Toggle all file annotations
0 comments on commit
fe01175
Please
sign in
to comment.
You can’t perform that action at this time.
You signed in with another tab or window.
Reload
to refresh your session.
You signed out in another tab or window.
Reload
to refresh your session.
