CVE-2008-0047 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cups

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122 — Heap-based Buffer Overflow8 documents8 sources

Severity

9.3CRITICALNVD

EPSS

25.3%

top 3.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Cups

Timeline

PublishedMar 18

Latest updateMay 1

Description

Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

▶Debianapple/cups< 1.3.6-3+3

▶NVDcups/cups1.3.5

Patches

Patch: lists.apple.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-955r-8v94-5rcf: Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1↗2022-05-01

▶

OSV

CVE-2008-0047: Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1↗2008-03-18

▶

CVEList

CVE-2008-0047: Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1↗2008-03-18

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerabilities↗2008-04-02

▶

Red Hat

cups: heap based buffer overflow in cgiCompileSearch()↗2008-03-18

▶

Debian

CVE-2008-0047: cups - Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and o...↗2008

▶

💬Community

Bugzilla

CVE-2008-0047 cups: heap based buffer overflow in cgiCompileSearch()↗2008-03-05

▶