Document vulnerability CVE-2017-3158, fixed in 0.9.11-incubating.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-website/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-website/commit/172a5c32 Tree: http://git-wip-us.apache.org/repos/asf/guacamole-website/tree/172a5c32 Diff: http://git-wip-us.apache.org/repos/asf/guacamole-website/diff/172a5c32 Branch: refs/heads/master Commit: 172a5c32896f56dac0576983cc44046e220f2f7a Parents: bd823d2 Author: Michael Jumper <mjum...@apache.org> Authored: Sat Jan 6 16:12:48 2018 -0800 Committer: Michael Jumper <mjum...@apache.org> Committed: Sun Jan 7 19:28:58 2018 -0800 ---------------------------------------------------------------------- _security/CVE-2017-3158.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-website/blob/172a5c32/_security/CVE-2017-3158.md ---------------------------------------------------------------------- diff --git a/_security/CVE-2017-3158.md b/_security/CVE-2017-3158.md new file mode 100644 index 0000000..5f28bdb --- /dev/null +++ b/_security/CVE-2017-3158.md @@ -0,0 +1,13 @@ +--- +title: Buffer overflow in SSH/telnet terminal emulator +cve: CVE-2017-3158 +fixed: 0.9.11-incubating +--- + +A race condition in Guacamole's terminal emulator could allow writes of blocks +of printed data to overlap. Such overlapping writes could cause packet data to +be misread as the packet length, resulting in the remaining data being written +beyond the end of a statically-allocated buffer. + +Acknowledgements: We would like to thank Hariprasad Ng for reporting this +issue.