CVE-2017-18248Improper Input Validation in Apple Cups

CWE-20Improper Input Validation10 documents8 sources
Severity
5.3MEDIUMNVD
EPSS
1.0%
top 22.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Apple Cups
Timeline
PublishedMar 26
Latest updateMay 14

Description

The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.6 | Impact: 3.6

Affected Packages3 packages

NVDapple/cups< 2.2.6
Debianapple/cups< 2.2.6-1+3
Ubuntuapple/cups< 1.7.2-0ubuntu1.10+2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
GHSA-445m-qfhv-mv64: The add_job function in scheduler/ipp2022-05-14
OSV
cups vulnerabilities2018-07-11
OSV
CVE-2017-18248: The add_job function in scheduler/ipp2018-03-26
CVEList
CVE-2017-18248: The add_job function in scheduler/ipp2018-03-26

📋Vendor Advisories

3
Ubuntu
CUPS vulnerabilities2018-07-11
Red Hat
cups: Invalid usernames handled in scheduler/ipp.c:add_job() allow remote attackers to cause a denial of service2017-10-16
Debian
CVE-2017-18248: cups - The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support...2017

💬Community

2
Bugzilla
CVE-2017-18248 cups: Invalid usernames handled in scheduler/ipp.c:add_job() allow remote attackers to cause a denial of service [fedora-all]2018-03-28
Bugzilla
CVE-2017-18248 cups: Invalid usernames handled in scheduler/ipp.c:add_job() allow remote attackers to cause a denial of service2018-03-28
CVE-2017-18248 — Improper Input Validation in Apple | cvebase