CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
91.0%
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote
attackers, to cause a denial of service (daemon crash) by adding a large
number of RSS Subscriptions, which triggers a NULL pointer dereference.
NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.
Author | Note |
---|---|
mdeslaur | Only 1.3.x has rss subscriptions, so dapper is not vulnerable |
bugs.debian.org/cgi-bin/bugreport.cgi?bug=506180
bugs.launchpad.net/ubuntu/+source/cups/+bug/298241
bugzilla.redhat.com/show_bug.cgi?id=473901
launchpad.net/bugs/cve/CVE-2008-5183
nvd.nist.gov/vuln/detail/CVE-2008-5183
security-tracker.debian.org/tracker/CVE-2008-5183
ubuntu.com/security/notices/USN-707-1
www.cve.org/CVERecord?id=CVE-2008-5183
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
Percentile
91.0%