Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-5849Integer Underflow (Wrap or Wraparound) in Software Products Cups

CWE-1899 documents9 sources
Severity
9.3CRITICALNVD
EPSS
34.6%
top 2.99%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Apple CupsEasy Software Products Cups
Timeline
PublishedDec 19
Latest updateMay 1

Description

Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

Debianapple/cups< 1.3.5-1+3
NVDeasy_software_products/cups5 versions+4

🔴Vulnerability Details

3
GHSA
GHSA-x2h6-2q5c-v7px: Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp2022-05-01
CVEList
CVE-2007-5849: Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp2007-12-19
OSV
CVE-2007-5849: Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp2007-12-19

💥Exploits & PoCs

1
Exploit-DB
Common UNIX Printing System 1.2/1.3 SNMP - 'asn1_get_string()' Remote Buffer Overflow2007-11-06

📋Vendor Advisories

3
Ubuntu
CUPS vulnerabilities2008-01-09
Red Hat
CUPS SNMP backend buffer overflow2007-12-13
Debian
CVE-2007-5849: cups - Integer underflow in the asn1_get_string function in the SNMP back end (backend/...2007

💬Community

1
Bugzilla
CVE-2007-5849 CUPS SNMP backend buffer overflow2007-12-07
CVE-2007-5849 — Integer Underflow (Wrap or Wraparound) | cvebase