CVE-2023-32324 — Heap-based Buffer Overflow in Cups

CWE-122 — Heap-based Buffer Overflow CWE-787 — Out-of-bounds Write CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

5.5MEDIUMNVD

CNA7.5

EPSS

0.3%

top 50.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Cups Openprinting Cups Debian Linux

Timeline

PublishedJun 1

Latest updateJun 13

Description

OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5openprinting/cups2.4.2

▶NVDopenprinting/cups2.4.2

▶Debianapple/cups< 2.3.3op2-3+deb11u3+3

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

CVE-2023-32324: OpenPrinting CUPS is an open source printing system↗2023-06-01

▶

CVEList

OpenPrinting CUPS vulnerable to heap buffer overflow↗2023-06-01

▶

📋Vendor Advisories

Microsoft

OpenPrinting CUPS vulnerable to heap buffer overflow↗2023-06-13

▶

Ubuntu

CUPS vulnerability↗2023-06-01

▶

Red Hat

cups: heap buffer overflow may lead to DoS↗2023-06-01

▶

Ubuntu

CUPS vulnerability↗2023-06-01

▶

Debian

CVE-2023-32324: cups - OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior...↗2023

▶