Skip to main content

Ubuntu EUVDEUVD-2024-54722

| CVE-2024-35164 MEDIUM
Improper Validation of Array Index (CWE-129)
2025-07-02 security@apache.org
6.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Ubuntu
MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 16, 2026 - 01:55 euvd
EUVD-2024-54722
Analysis Generated
Mar 16, 2026 - 01:55 vuln.today
CVE Published
Jul 02, 2025 - 12:15 nvd
MEDIUM 6.8

DescriptionCVE.org

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process.

Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Analysis

The terminal emulator of Apache Guacamole 1.5.5 and older does not properly validate console codes received from servers via text-based protocols like SSH. If a malicious user has access to a text-based connection, a specially-crafted sequence of console codes could allow arbitrary code to be executed with the privileges of the running guacd process.

Users are recommended to upgrade to version 1.6.0, which fixes this issue.

Technical ContextAI

This vulnerability is classified as Improper Validation of Array Index (CWE-129).

RemediationAI

Monitor vendor advisories for patches. Apply mitigations such as network segmentation, access restrictions, and monitoring.

Vendor StatusVendor

Ubuntu

Priority: Medium
guacamole-client
Release Status Version
xenial needs-triage -
bionic needs-triage -
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -

Debian

guacamole-client
Release Status Fixed Version Urgency
(unstable) fixed (unfixed) -

Share

EUVD-2024-54722 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy