Lucene search

K

Redhat.comRH:CVE-2023-34241

HistoryJun 22, 2023 - 11:17 a.m.

CVE-2023-34241

2023-06-2211:17:06

redhat.com

access.redhat.com

10

cups

use-after-free

vulnerability

logging service

connection

memory

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

A vulnerability was found in CUPS. This issue occurs due to logging data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data immediately before the connection closed, resulting in a use-after-free in cupsdAcceptClient() in scheduler/client.c

References

bugzilla.redhat.com/show_bug.cgi?id=2214914

nvd.nist.gov/vuln/detail/CVE-2023-34241

www.cve.org/CVERecord?id=CVE-2023-34241

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

0.0004 Low

EPSS

Percentile

5.1%

Related for RH:CVE-2023-34241