Skip to content
Browse files
Document vulnerability CVE-2020-9498, fixed in 1.2.0.
  • Loading branch information
mike-jumper committed Jul 2, 2020
1 parent f99ee68 commit fe01175df779e8987a0ec354c47b575c4b86d637
Showing 1 changed file with 15 additions and 0 deletions.
@@ -0,0 +1,15 @@
title: Dangling pointer in RDP static virtual channel handling
cve: CVE-2020-9498
fixed: 1.2.0

Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing
data received via RDP static virtual channels. If a user connects to a
malicious or compromised RDP server, a series of specially-crafted PDUs could
result in memory corruption, possibly allowing arbitrary code to be executed
with the privileges of the running guacd process.

Acknowledgements: We would like to thank Eyal Itkin (Check Point Research) for
reporting this issue.

0 comments on commit fe01175

Please sign in to comment.