CVE-2010-2941

CWE-416Use After Free10 documents9 sources
Severity
9.8CRITICAL
EPSS
21.4%
top 4.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Apple MAC OS XApple MAC OS X ServerApple Cups+10 more
Timeline
PublishedNov 5
Latest updateMay 17

Description

ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages9 packages

Debiancups< 1.4.4-7+3
NVDapple/cups1.4.4
NVDapple/mac_os_x10.6.010.6.4+1
NVDapple/mac_os_x_server10.6.010.6.4+1
NVDopensuse/opensuse11.1, 11.2, 11.3+2

Also affects: Debian Linux 5.0, Fedora 12, 13, 14, Linux Enterprise 10.0, 11.0, Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.10, Enterprise Linux 5.0, 6.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-pp56-6c5p-hfmv: ipp2022-05-17
OSV
CVE-2010-2941: ipp2010-11-05
CVEList
CVE-2010-2941: ipp2010-11-05

💥Exploits & PoCs

1
Exploit-DB
Yandex.Server 2010 9.0 - 'text' Cross-Site Scripting2012-05-21

📋Vendor Advisories

3
Ubuntu
CUPS vulnerability2010-11-04
Red Hat
cups: cupsd memory corruption vulnerability2010-10-28
Debian
CVE-2010-2941: cups - ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for a...2010

💬Community

2
Bugzilla
CVE-2010-2941 cups: cupsd memory corruption vulnerability [fedora-all]2010-11-11
Bugzilla
CVE-2010-2941 cups: cupsd memory corruption vulnerability2010-08-16
CVE-2010-2941 (CRITICAL CVSS 9.8) | ipp.c in cupsd in CUPS 1.4.4 and ea | cvebase.io