CVE-2010-2432

CWE-399 | CWE-835 | 7 documents | 7 sources
Severity
5.0 MEDIUM
EPSS
0.9%
top 24.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 22
Latest update: May 17

Description

The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

Debian: cups < 1.4.4-1 (+3)
NVD: apple/cups 1.4.3 (+61)

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-hv7x-wq9f-458x: The cupsDoAuthentication function in auth (2022-05-17)
OSV
CVE-2010-2432: The cupsDoAuthentication function in auth (2010-06-22)
CVEList
CVE-2010-2432: The cupsDoAuthentication function in auth (2010-06-22)

📋 Vendor Advisories (2)

Red Hat
cups: DoS (infinite loop) via HTTP_UNAUTHORIZED responses STR #3518 (2010-03-03)
Debian
CVE-2010-2432: cups - The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, ... (2010)

💬 Community (1)

Bugzilla
CVE-2010-2432 cups: DoS (infinite loop) via HTTP_UNAUTHORIZED responses STR #3518 (2010-06-23)