Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5183 — NULL Pointer Dereference in Apple Cups

CWE-476 — NULL Pointer Dereference9 documents9 sources

Severity

7.5HIGHNVD

EPSS

4.6%

top 10.70%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Cups Apple MAC OS X Apple MAC OS X Server +2 more

Timeline

PublishedNov 21

Latest updateMay 17

Description

cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶Debianapple/cups< 1.3.9-13+3

▶NVDapple/cups1.3.9

▶NVDapple/mac_os_x< 10.5.6

▶NVDapple/mac_os_x_server< 10.5.6

▶NVDopensuse/opensuse11.0

Also affects: Debian Linux 5.0, 6.0

🔴Vulnerability Details

GHSA

GHSA-9pqm-v858-jg26: cupsd in CUPS 1↗2022-05-17

▶

OSV

CVE-2008-5183: cupsd in CUPS 1↗2008-11-21

▶

CVEList

CVE-2008-5183: cupsd in CUPS 1↗2008-11-21

▶

💥Exploits & PoCs

Exploit-DB

CUPS 1.3.7 - Cross-Site Request Forgery (Add RSS Subscription) Remote Crash↗2008-11-18

▶

📋Vendor Advisories

Ubuntu

CUPS vulnerabilities↗2009-01-12

▶

Red Hat

cups: DoS (daemon crash) caused by the large number of subscriptions↗2008-11-15

▶

Debian

CVE-2008-5183: cups - cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attacker...↗2008

▶

💬Community

Bugzilla

CVE-2008-5183 cups: DoS (daemon crash) caused by the large number of subscriptions↗2008-12-01

▶