CVE-2002-1369Improper Restriction of Operations within the Bounds of a Memory Buffer in Software Products Cups

7 documents7 sources
Severity
10.0CRITICALNVD
EPSS
10.0%
top 6.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apple CupsApple MAC OS XEasy Software Products Cups
Timeline
PublishedDec 26
Latest updateApr 30

Description

jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

Debianapple/cups< 1.1.18-1+3
NVDeasy_software_products/cups13 versions+12
NVDapple/mac_os_x10.2, 10.2.2+1

🔴Vulnerability Details

3
GHSA
GHSA-6q7q-pxq9-gvhp: jobs2022-04-30
CVEList
CVE-2002-1369: jobs2004-09-01
OSV
CVE-2002-1369: jobs2002-12-26

📋Vendor Advisories

2
Red Hat
security flaw2002-12-19
Debian
CVE-2002-1369: cups - jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not prop...2002

💬Community

1
Bugzilla
CVE-2002-1369 security flaw2018-08-16
CVE-2002-1369 — Software Products Cups vulnerability | cvebase