CVE-2015-0839 — Hplip vulnerability

CWE-3208 documents7 sources

Severity

8.1HIGHNVD

EPSS

0.3%

top 49.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Hplip HP Linux Imaging AND Printing

Timeline

PublishedAug 2

Latest updateMay 17

Description

The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to verify print plugin downloads.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶NVDhp/linux_imaging_and_printing3.17.7

▶debiandebian/hplip< hplip 3.15.11+repack0-1 (bookworm)

🔴Vulnerability Details

GHSA

GHSA-68c7-7p5r-7c3q: The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging↗2022-05-17

▶

OSV

CVE-2015-0839: The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging↗2017-08-02

▶

📋Vendor Advisories

Ubuntu

HPLIP vulnerability↗2015-07-30

▶

Red Hat

hplip: hp-plugin verified binary download with short key ID↗2015-05-29

▶

Debian

CVE-2015-0839: hplip - The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier f...↗2015

▶

💬Community

Bugzilla

CVE-2015-0839 hplip: hp-plugin verified binary download with short key ID↗2015-06-02

▶

Bugzilla

CVE-2015-0839 hplip: hp-plugin verified binary download with short key ID [fedora-all]↗2015-06-02

▶