A stack-based buffer overflow vulnerability was discovered in the guac_client_plugin_open() function in libguac in Guacamole before 0.6.3 which could allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long protocol name.
Acknowledgements: We would like to thank Timo Juhani Lindfors for reporting this issue.