CVE-2023-32324

2023-06-0100:00:00

ubuntu.com

openprinting cups

heap buffer overflow

version 2.4.2

denial of service

remote attacker

dos

buffer overflow

format_log_line

configuration file

cupsd.conf

loglevel

debug

vulnerability

patch

workaround

unix

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

32.9%

JSON

OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and
prior, a heap buffer overflow vulnerability would allow a remote attacker
to launch a denial of service (DoS) attack. A buffer overflow vulnerability
in the function format_log_line could allow remote attackers to cause a
DoS on the affected system. Exploitation of the vulnerability can be
triggered when the configuration file cupsd.conf sets the value of
loglevel to DEBUG. No known patches or workarounds exist at time of
publication.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchcups< 2.2.7-1ubuntu2.10UNKNOWN
ubuntu20.04noarchcups< 2.3.1-9ubuntu1.3UNKNOWN
ubuntu22.04noarchcups< 2.4.1op1-1ubuntu4.2UNKNOWN
ubuntu22.10noarchcups< 2.4.2-1ubuntu2.1UNKNOWN
ubuntu23.04noarchcups< 2.4.2-3ubuntu2.1UNKNOWN
ubuntu16.04noarchcups< 2.1.3-4ubuntu0.11+esm2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	cups	< 2.2.7-1ubuntu2.10	UNKNOWN
ubuntu	20.04	noarch	cups	< 2.3.1-9ubuntu1.3	UNKNOWN
ubuntu	22.04	noarch	cups	< 2.4.1op1-1ubuntu4.2	UNKNOWN
ubuntu	22.10	noarch	cups	< 2.4.2-1ubuntu2.1	UNKNOWN
ubuntu	23.04	noarch	cups	< 2.4.2-3ubuntu2.1	UNKNOWN
ubuntu	16.04	noarch	cups	< 2.1.3-4ubuntu0.11+esm2	UNKNOWN