{"id":"CVE-2023-30576","details":"Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process.\n\n","aliases":["BIT-guacamole-2023-30576","BIT-guacamole-server-2023-30576"],"modified":"2026-04-10T04:57:51.188805Z","published":"2023-06-07T09:15:10.080Z","related":["CGA-59xr-qwjv-88wh"],"references":[{"type":"ADVISORY","url":"https://lists.apache.org/thread/vgtvxb3w7mm84hx6v8dfc0onsoz05gb6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/apache/guacamole-server","events":[{"introduced":"16757aebecf1e79e1f137d3e8192627fddc0f868"},{"fixed":"83ca7aa16b49830b5adb5a0ce60082b385163934"}],"database_specific":{"versions":[{"introduced":"0.9.0"},{"fixed":"1.5.2"}]}}],"versions":["0.9.0","0.9.1","0.9.2","0.9.3","0.9.4","0.9.5","0.9.6","0.9.7","0.9.8","0.9.9","1.5.0","1.5.0-RC1","1.5.1","1.5.1-RC1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-30576.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}