CVE-2023-32324

2023-06-0117:15:09

Debian Security Bug Tracker

security-tracker.debian.org

openprinting cups

heap buffer overflow

remote attacker

denial of service

function format_log_line

configuration file cupsd.conf

loglevel debug

exploitation vulnerability

patch

workaround

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

32.9%

JSON

OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function format_log_line could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file cupsd.conf sets the value of loglevel to DEBUG. No known patches or workarounds exist at time of publication.

OSVersionArchitecturePackageVersionFilename
Debian12allcups< 2.4.2-3+deb12u1cups_2.4.2-3+deb12u1_all.deb
Debian11allcups< 2.3.3op2-3+deb11u3cups_2.3.3op2-3+deb11u3_all.deb
Debian999allcups< 2.4.2-4cups_2.4.2-4_all.deb
Debian13allcups< 2.4.2-4cups_2.4.2-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	cups	< 2.4.2-3+deb12u1	cups_2.4.2-3+deb12u1_all.deb
Debian	11	all	cups	< 2.3.3op2-3+deb11u3	cups_2.3.3op2-3+deb11u3_all.deb
Debian	999	all	cups	< 2.4.2-4	cups_2.4.2-4_all.deb
Debian	13	all	cups	< 2.4.2-4	cups_2.4.2-4_all.deb