CVE-2014-4337
published 2014-06-22CVE-2014-4337: The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service…
PriorityP419medium4.3CVSS 2.0
AVNACMAuNCNINAP
EPSS
2.94%
85.4th percentile
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cups-filters | < cups-filters 1.0.53-1 (bookworm) | cups-filters 1.0.53-1 (bookworm) |
| linuxfoundation | cups-filters | <= 1.0.52 | — |
| linuxfoundation | cups-filters | >= 0 < 1.0.53-1 | 1.0.53-1 |
| linuxfoundation | cups-filters | >= 0 < 1.0.53-1 | 1.0.53-1 |
| linuxfoundation | cups-filters | >= 0 < 1.0.53-1 | 1.0.53-1 |
| linuxfoundation | cups-filters | >= 0 < 1.0.53-1 | 1.0.53-1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
cups-filters: cups-browsed DoS via process_browse_data() OOB read
vendor_redhat·2014-04-23·CVSS 4.3
CVE-2014-4337 [MEDIUM] cups-filters: cups-browsed DoS via process_browse_data() OOB read
cups-filters: cups-browsed DoS via process_browse_data() OOB read
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
An out-of-bounds read flaw was found in the way the process_browse_data() function of cups-browsed handled certain browse packets. A remote attacker could send a specially crafted browse packet that, when processed by cups-browsed, would crash the cups-browsed daemon.
Debian
CVE-2014-4337: cups-filters - The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups...
vendor_debian·2014·CVSS 4.3
CVE-2014-4337 [MEDIUM] CVE-2014-4337: cups-filters - The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups...
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
Scope: local
bookworm: resolved (fixed in 1.0.53-1)
bullseye: resolved (fixed in 1.0.53-1)
forky: resolved (fixed in 1.0.53-1)
sid: resolved (fixed in 1.0.53-1)
trixie: resolved (fixed in 1.0.53-1)
GHSA
GHSA-chh5-m35x-x292: The process_browse_data function in utils/cups-browsed
ghsa_unreviewed·2022-05-14
CVE-2014-4337 [MEDIUM] CWE-119 GHSA-chh5-m35x-x292: The process_browse_data function in utils/cups-browsed
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
OSV
CVE-2014-4337: The process_browse_data function in utils/cups-browsed
osv·2014-06-22·CVSS 4.3
CVE-2014-4337 [MEDIUM] CVE-2014-4337: The process_browse_data function in utils/cups-browsed
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-4337 cups-filters: cups-browsed DoS via process_browse_data() OOB read
bugzilla·2014-06-20·CVSS 5.8
CVE-2014-4337 [MEDIUM] CVE-2014-4337 cups-filters: cups-browsed DoS via process_browse_data() OOB read
CVE-2014-4337 cups-filters: cups-browsed DoS via process_browse_data() OOB read
Sebastian Krahmer of SUSE reported an out of bounds read flaw in the way cups-browsed handled browse packets. A specially crafted packet could cause cups-browsed read behind the end of the buffer that stores incoming packet and possibly crash. The issue was fixed upstream in version 1.0.53 as part of the following commit, which also fixes CVE-2014-4336 (bug 1091565):
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
The flaw is in process_browse_data(), which fails to properly check packet length while parsing browse packet.
The original report in SUSE/Novell bugzilla:
https://bugzilla.novell.com/show_bug.cgi?id=871327
Discussion:
All supported Fedora versions are already
Bugzilla
CVE-2014-4336 cups-filters: incomplete fix for CVE-2014-2707
bugzilla·2014-04-25·CVSS 8.3
CVE-2014-4336 [HIGH] CVE-2014-4336 cups-filters: incomplete fix for CVE-2014-2707
CVE-2014-4336 cups-filters: incomplete fix for CVE-2014-2707
According to Sebastian Krahmer, the initial fix for CVE-2014-2707 (bug #1083326) is incomplete:
"
This issue was reported as fixed in 1.0.51:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7188
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7189
but it was found that the fix was incomplete with the full fix in 1.0.53:
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
"
The CVE-2014-2707 flaw is regarding the cups-browsed daemon being manipulated to execute arbitrary commands via malicious broadcast packets.
Discussion:
Created cups-filters tracking bugs for this issue:
Affects: fedora-all [bug 1091569]
---
cups-filters-1.0.53-1.fc
http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194http://openwall.com/lists/oss-security/2014/06/19/12http://rhn.redhat.com/errata/RHSA-2014-1795.htmlhttp://secunia.com/advisories/62044http://www.securityfocus.com/bid/68122http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194http://openwall.com/lists/oss-security/2014/06/19/12http://rhn.redhat.com/errata/RHSA-2014-1795.htmlhttp://secunia.com/advisories/62044http://www.securityfocus.com/bid/68122
2014-06-22
Published