CVE-2023-32324
published 2023-06-01CVE-2023-32324: OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch…
medium5.5CVSS 3.1
AVLACLPRNUIRSUCNINAH
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | cups | >= 0 < 2.3.3op2-3+deb11u3 | 2.3.3op2-3+deb11u3 |
| apple | cups | >= 0 < 2.4.2-3+deb12u1 | 2.4.2-3+deb12u1 |
| apple | cups | >= 0 < 2.4.2-4 | 2.4.2-4 |
| apple | cups | >= 0 < 2.4.2-4 | 2.4.2-4 |
| debian | cups | < cups 2.4.2-3+deb12u1 (bookworm) | cups 2.4.2-3+deb12u1 (bookworm) |
| debian | debian_linux | — | — |
| msrc | azl3_cups_2.3.3op2-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_cups_2.4.10-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_cups_2.3.3op2-7_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_cups_2.3.3op2-9_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| openprinting | cups | <= 2.4.2 | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv5.5MEDIUM