CVE-2002-1372 — Unchecked Return Value in Apple Cups

CWE-252 — Unchecked Return Value7 documents7 sources

Severity

7.5HIGHNVD

EPSS

7.3%

top 8.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Apple MAC OS X Debian Linux

Timeline

PublishedDec 26

Latest updateApr 30

Description

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶Debianapple/cups< 1.1.18-1+3

▶NVDapple/cups1.1.14 — 1.1.17

▶NVDapple/mac_os_x10.2, 10.2.2+1

Also affects: Debian Linux 2.2, 3.0

🔴Vulnerability Details

GHSA

GHSA-pj56-w5gq-p5wr: Common Unix Printing System (CUPS) 1↗2022-04-30

▶

CVEList

CVE-2002-1372: Common Unix Printing System (CUPS) 1↗2004-09-01

▶

OSV

CVE-2002-1372: Common Unix Printing System (CUPS) 1↗2002-12-26

▶

📋Vendor Advisories

Red Hat

security flaw↗2002-12-19

▶

Debian

CVE-2002-1372: cups - Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check...↗2002

▶

💬Community

Bugzilla

CVE-2002-1372 security flaw↗2018-08-16

▶