Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveGitHub_MCVE-2023-34095
HistoryJun 14, 2023 - 5:15 p.m.

CVE-2023-34095

2023-06-1417:15:09
CWE-121
GitHub_M
web.nvd.nist.gov
29
cpdb-libs
buffer overflow
scanf
fscanf
cve-2023-34095
security patch

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.006

Percentile

79.5%

JSON

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of scanf(3). cpdb-libs uses the fscanf() and scanf() functions to parse command lines and configuration files, dropping the read string components into fixed-length buffers, but does not limit the length of the strings to be read by fscanf() and scanf() causing buffer overflows when a string is longer than 1023 characters. A patch for this issue is available at commit f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a length of 1024 characters, the patch limits the maximum string length to be read to 1023 by replacing all occurrences of %s with %1023s in all calls of the fscanf() and scanf() functions.

Affected configurations

Nvd
Vulners
Node
openprintingcpdb-libsRange1.02.0
OR
openprintingcpdb-libsMatch2.0beta1
OR
openprintingcpdb-libsMatch2.0beta2
OR
openprintingcpdb-libsMatch2.0beta3
OR
openprintingcpdb-libsMatch2.0beta4
VendorProductVersionCPE
openprintingcpdb-libs*cpe:2.3:a:openprinting:cpdb-libs:*:*:*:*:*:*:*:*
openprintingcpdb-libs2.0cpe:2.3:a:openprinting:cpdb-libs:2.0:beta1:*:*:*:*:*:*
openprintingcpdb-libs2.0cpe:2.3:a:openprinting:cpdb-libs:2.0:beta2:*:*:*:*:*:*
openprintingcpdb-libs2.0cpe:2.3:a:openprinting:cpdb-libs:2.0:beta3:*:*:*:*:*:*
openprintingcpdb-libs2.0cpe:2.3:a:openprinting:cpdb-libs:2.0:beta4:*:*:*:*:*:*

CNA Affected

[
  {
    "vendor": "OpenPrinting",
    "product": "cpdb-libs",
    "versions": [
      {
        "version": ">= 1.0, <= 2.0b4",
        "status": "affected"
      }
    ]
  }
]

Related

nvd 1
cvelist 1
ubuntucve 1
ubuntu 1
prion 1
debiancve 1
nessus 1
osv 2
openvas 1
nvd
nvd
CVE-2023-34095
2023-06-14 17:15:09
cvelist
cvelist
CVE-2023-34095 cpdb-libs vulnerable to buffer overflows via scanf
2023-06-14 16:58:50
ubuntucve
ubuntucve
CVE-2023-34095
2023-06-14 00:00:00
ubuntu
ubuntu
CPDB vulnerability
2023-07-05 00:00:00
prion
prion
Buffer overflow
2023-06-14 17:15:00
debiancve
debiancve
CVE-2023-34095
2023-06-14 17:15:09
nessus
nessus
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : CPDB vulnerability (USN-6204-1)
2023-07-05 00:00:00
osv
osv
CVE-2023-34095
2023-06-14 17:15:09
cpdb-libs vulnerability
2023-07-05 15:23:02
openvas
openvas
Ubuntu: Security Advisory (USN-6204-1)
2023-07-06 00:00:00

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.3

Confidence

High

EPSS

0.006

Percentile

79.5%

JSON
Related for CVE-2023-34095
nvd1cvelist1ubuntucve1ubuntu1prion1debiancve1nessus1osv2openvas1