Описание
A flaw was found in CUPS, an open-source printing system. An unprivileged local user can exploit an integer underflow vulnerability by providing a negative job-password-supported Internet Printing Protocol (IPP) attribute. This manipulation causes the cupsd root process to crash, which can be repeatedly triggered to achieve a sustained Denial of Service (DoS) on the system.
Отчет
This Moderate impact vulnerability in CUPS allows an unprivileged local user to trigger a denial of service by providing a specially crafted IPP attribute. This can repeatedly crash the cupsd root process, leading to a sustained denial of service on Red Hat Enterprise Linux systems where CUPS is enabled.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | cups | Fix deferred | ||
| Red Hat Enterprise Linux 6 | cups | Out of support scope | ||
| Red Hat Enterprise Linux 7 | cups | Fix deferred | ||
| Red Hat Enterprise Linux 8 | cups | Fix deferred | ||
| Red Hat Enterprise Linux 9 | cups | Fix deferred | ||
| Red Hat Hardened Images | cups | Affected | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred |
Показывать по
Дополнительная информация
Статус:
4 Medium
CVSS3
Связанные уязвимости
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-cache.c) allows any unprivileged local user to crash the cupsd root process by supplying a negative job-password-supported IPP attribute. The bounds check only caps the upper bound, so a negative value passes validation, is cast to size_t (wrapping to ~2^64), and is used as the length argument to memset() on a 33-byte stack buffer. This causes an immediate SIGSEGV in the cupsd root process. Combined with systemd's Restart=on-failure, an attacker can repeat the crash for sustained denial of service.
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, an integer underflow vulnerability in _ppdCreateFromIPP() (cups/ppd-cache.c) allows any unprivileged local user to crash the cupsd root process by supplying a negative job-password-supported IPP attribute. The bounds check only caps the upper bound, so a negative value passes validation, is cast to size_t (wrapping to ~2^64), and is used as the length argument to memset() on a 33-byte stack buffer. This causes an immediate SIGSEGV in the cupsd root process. Combined with systemd's Restart=on-failure, an attacker can repeat the crash for sustained denial of service.
CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported`
OpenPrinting CUPS is an open source printing system for Linux and othe ...
4 Medium
CVSS3