Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-1368Software Products Cups vulnerability

8 documents8 sources
Severity
7.5HIGHNVD
EPSS
26.8%
top 3.65%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Apple CupsApple MAC OS XEasy Software Products Cups
Timeline
PublishedDec 26
Latest updateMay 3

Description

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

Debianapple/cups< 1.1.18-1+3
NVDeasy_software_products/cups13 versions+12
NVDapple/mac_os_x10.2, 10.2.2+1

🔴Vulnerability Details

3
GHSA
GHSA-98r4-fx32-wmfw: Common Unix Printing System (CUPS) 12022-05-03
OSV
CVE-2002-1368: Common Unix Printing System (CUPS) 12002-12-26
CVEList
CVE-2002-1368: Common Unix Printing System (CUPS) 12002-12-20

💥Exploits & PoCs

1
Exploit-DB
CUPS 1.1.x - Negative Length HTTP Header2002-12-19

📋Vendor Advisories

2
Red Hat
security flaw2002-12-19
Debian
CVE-2002-1368: cups - Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers...2002

💬Community

1
Bugzilla
CVE-2002-1368 security flaw2018-08-16
CVE-2002-1368 — Software Products Cups vulnerability | cvebase