Document vulnerability CVE-2020-9498, fixed in 1.2.0.

commit: fe01175df779e8987a0ec354c47b575c4b86d637 [log] [tgz]
author: Michael Jumper <mjumper@apache.org> Sun Jun 28 17:24:31 2020 -0700
committer: Michael Jumper <mjumper@apache.org> Wed Jul 01 20:21:07 2020 -0700
tree: 1c6d56e9bb56c005b946df495fba33b11d4f5c54
parent: f99ee68a4a6231014f9b5a38e90655a49db2d505 [diff]
diff --git a/_security/CVE-2020-9498.md b/_security/CVE-2020-9498.md
new file mode 100644
index 0000000..edbdff4
--- /dev/null
+++ b/_security/CVE-2020-9498.md

@@ -0,0 +1,15 @@
+---
+title: Dangling pointer in RDP static virtual channel handling
+cve:   CVE-2020-9498
+fixed: 1.2.0
+---
+
+Apache Guacamole 1.1.0 and older may mishandle pointers involved in processing
+data received via RDP static virtual channels. If a user connects to a
+malicious or compromised RDP server, a series of specially-crafted PDUs could
+result in memory corruption, possibly allowing arbitrary code to be executed
+with the privileges of the running guacd process.
+
+Acknowledgements: We would like to thank Eyal Itkin (Check Point Research) for
+reporting this issue.
+
commit	fe01175df779e8987a0ec354c47b575c4b86d637	[log] [tgz]
author	Michael Jumper <mjumper@apache.org>	Sun Jun 28 17:24:31 2020 -0700
committer	Michael Jumper <mjumper@apache.org>	Wed Jul 01 20:21:07 2020 -0700
tree	1c6d56e9bb56c005b946df495fba33b11d4f5c54
parent	f99ee68a4a6231014f9b5a38e90655a49db2d505 [diff]