CVE-2024-35164

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
02/07/2025
Last modified:
03/07/2025

Description

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed<br /> with the privileges of the running guacd process.<br /> <br /> <br /> <br /> <br /> Users are recommended to upgrade to version 1.6.0, which fixes this issue.

References to Advisories, Solutions, and Tools