Details of VAR-201801-0175

ID

VAR-201801-0175

CVE

CVE-2017-3158

TITLE

Guacamole Race condition vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001479

DESCRIPTION

A race condition in Guacamole's terminal emulator in versions 0.9.5 through 0.9.10-incubating could allow writes of blocks of printed data to overlap. Such overlapping writes could cause packet data to be misread as the packet length, resulting in the remaining data being written beyond the end of a statically-allocated buffer. Guacamole Contains a race condition vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2017-3158 // JVNDB: JVNDB-2018-001479 // VULMON: CVE-2017-3158

AFFECTED PRODUCTS

vendor:	apache	model:	guacamole	scope:	eq	version:	0.9.10-incubating	Trust: 1.6
vendor:	apache	model:	guacamole	scope:	lte	version:	0.9.9	Trust: 1.0
vendor:	apache	model:	guacamole	scope:	eq	version:	0.9.5 to 0.9.10-incubating	Trust: 0.8
vendor:	apache	model:	guacamole	scope:	eq	version:	0.9.9	Trust: 0.6

sources: JVNDB: JVNDB-2018-001479 // CNNVD: CNNVD-201801-802 // NVD: CVE-2017-3158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-3158
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-3158
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201801-802
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2017-3158
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-3158
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9

nvd@nist.gov:	CVE-2017-3158
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULMON: CVE-2017-3158 // JVNDB: JVNDB-2018-001479 // CNNVD: CNNVD-201801-802 // NVD: CVE-2017-3158

PROBLEMTYPE DATA

problemtype:

CWE-362

Trust: 1.8

sources: JVNDB: JVNDB-2018-001479 // NVD: CVE-2017-3158

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-802

TYPE

competitive condition

Trust: 0.6

sources: CNNVD: CNNVD-201801-802

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001479

PATCH

title:	[SECURITY] CVE-2017-3158: Buffer overflow in SSH/telnet terminal emulator	url:	https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65@%3Cuser.guacamole.apache.org%3E	Trust: 0.8
title:	Apache Guacamole terminal emulator Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77979	Trust: 0.6
title:	Debian CVElist Bug Report Logs: guacamole-client: CVE-2017-3158 race can cause buffer overflow	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=b764724410d590230569ad5581bcf186	Trust: 0.1

sources: VULMON: CVE-2017-3158 // JVNDB: JVNDB-2018-001479 // CNNVD: CNNVD-201801-802

EXTERNAL IDS

db:	NVD	id:	CVE-2017-3158	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-001479	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-802	Trust: 0.6
db:	VULMON	id:	CVE-2017-3158	Trust: 0.1

sources: VULMON: CVE-2017-3158 // JVNDB: JVNDB-2018-001479 // CNNVD: CNNVD-201801-802 // NVD: CVE-2017-3158

REFERENCES

url:	https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65%40%3cuser.guacamole.apache.org%3e	Trust: 1.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3158	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-3158	Trust: 0.8
url:	https://lists.apache.org/thread.html/b218d36bfdaf655d27382daec4dcd02ec717631f4aee8b7e4300ad65@%3cuser.guacamole.apache.org%3e	Trust: 0.7
url:	https://cwe.mitre.org/data/definitions/362.html	Trust: 0.1
url:	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891798	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2017-3158 // JVNDB: JVNDB-2018-001479 // CNNVD: CNNVD-201801-802 // NVD: CVE-2017-3158

SOURCES

db:	VULMON	id:	CVE-2017-3158
db:	JVNDB	id:	JVNDB-2018-001479
db:	CNNVD	id:	CNNVD-201801-802
db:	NVD	id:	CVE-2017-3158

LAST UPDATE DATE

2024-11-23T22:22:15.858000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2017-3158	date:	2018-02-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-001479	date:	2018-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201801-802	date:	2018-01-22T00:00:00
db:	NVD	id:	CVE-2017-3158	date:	2024-11-21T03:24:56.930

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2017-3158	date:	2018-01-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-001479	date:	2018-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201801-802	date:	2018-01-22T00:00:00
db:	NVD	id:	CVE-2017-3158	date:	2018-01-18T20:29:00.257