CVE-2024-47850 — Uncontrolled Resource Consumption in Cups-filters

CWE-400 — Uncontrolled Resource Consumption6 documents6 sources

Severity

7.5HIGHNVD

OSV5.3

EPSS

0.1%

top 69.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

4

Debian Cups-filters Msrc Azl3 Cups 1.28.17-3 ON Azure Linux 3.0 Msrc Azl3 Cups 2.4.10-1 ON Azure Linux 3.0 +1 more

Timeline

PublishedOct 4

Latest updateOct 8

Description

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/cups-filters

▶msrcmsrc/azl3_cups_2.4.10-1_on_azure_linux_3.0

▶msrcmsrc/azl3_cups_1.28.17-3_on_azure_linux_3.0

▶msrcmsrc/cbl2_cups_2.3.3op2-9_on_cbl_mariner_2.0

🔴Vulnerability Details

2

OSV

CVE-2024-47850: CUPS cups-browsed before 2↗2024-10-04

▶

GHSA

GHSA-phc2-g348-384g: CUPS cups-browsed before 2↗2024-10-04

▶

📋Vendor Advisories

3

Microsoft

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability th↗2024-10-08

▶

Red Hat

cups-browsed: cups-filters: cups-browsed vulnerable to DDoS amplification attack↗2024-10-04

▶

Debian

CVE-2024-47850: cups-filters - CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary de...↗2024

▶