CVE-2010-4267 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Hplip

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources

Severity

7.5HIGHNVD

EPSS

10.2%

top 6.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Hplip HP Linux Imaging AND Printing Project

Timeline

PublishedJan 20

Latest updateMay 17

Description

Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted SNMP response with a large length value.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDhp/linux_imaging_and_printing_project1.6.7, 3.10.9, 3.9.8+2

▶debiandebian/hplip< hplip 3.10.6-2 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-9c9p-hhrq-f5v5: Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml↗2022-05-17

▶

OSV

CVE-2010-4267: Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml↗2011-01-20

▶

💥Exploits & PoCs

Exploit-DB

Eudora Qualcomm WorldMail 3.0 - IMAPd 'LIST' Remote Buffer Overflow (Metasploit)↗2010-07-01

▶

📋Vendor Advisories

Ubuntu

HPLIP vulnerability↗2011-01-25

▶

Red Hat

hplip: remote stack overflow vulnerability↗2011-01-10

▶

Debian

CVE-2010-4267: hplip - Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in H...↗2010

▶

💬Community

Bugzilla

CVE-2010-4267 hplip: remote stack overflow vulnerability [fedora-all]↗2011-01-17

▶

Bugzilla

CVE-2010-4267 hplip: remote stack overflow vulnerability↗2010-12-13

▶