CVE-2008-0882Improper Restriction of Operations within the Bounds of a Memory Buffer in Cups

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer14 documents8 sources
Severity
10.0CRITICALNVD
EPSS
23.1%
top 4.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Apple CupsCups
Timeline
PublishedFeb 21
Latest updateMay 1

Description

Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

Debianapple/cups< 1.3.6-1+3
NVDcups/cups1.3.5

🔴Vulnerability Details

3
GHSA
GHSA-vcjx-xf8c-qxqm: Double free vulnerability in the process_browse_data function in CUPS 12022-05-01
OSV
CVE-2008-0882: Double free vulnerability in the process_browse_data function in CUPS 12008-02-21
CVEList
CVE-2008-0882: Double free vulnerability in the process_browse_data function in CUPS 12008-02-21

📋Vendor Advisories

3
Ubuntu
CUPS vulnerabilities2008-04-02
Red Hat
cups: double free vulnerability in process_browse_data()2008-01-07
Debian
CVE-2008-0882: cups - Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allo...2008

💬Community

7
Bugzilla
CVE-2008-4069 Mozilla XBM decoder information disclosure2008-09-22
Bugzilla
CVE-2008-0016 Mozilla UTF-8 stack buffer overflow2008-09-22
Bugzilla
CVE-2008-4067 Mozilla resource: traversal vulnerability2008-09-22
Bugzilla
CVE-2008-3835 mozilla: nsXMLDocument::OnChannelRedirect() same-origin violation2008-09-22
Bugzilla
CVE-2008-3837 mozilla: Forced mouse drag2008-09-22
CVE-2008-0882 — Cups vulnerability | cvebase