ubuntucve | Ubuntu.com | UB:CVE-2023-34095
Jun 14, 2023 - 12:00 a.m.

CVE-2023-34095

Keywords: cpdb-libs, buffer overflows, scanf, patch, 1023 chars, frontend_helper, print_frontend

CVSS3: 9.8
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.006
Percentile: 79.5%

cpdb-libs provides frontend and backend libraries for the Common Printing
Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is
vulnerable to buffer overflows via improper use of scanf(3). cpdb-libs
uses the fscanf() and scanf() functions to parse command lines and
configuration files and drops the read string components into fixed-length
buffers, but it does not limit the length of the strings read by
fscanf() and scanf(), which causes buffer overflows when a string is longer
than 1023 characters. A patch for this issue is available at commit
f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a length of
1024 characters, the patch limits the maximum string length to be read to
1023 by replacing all occurrences of %s with %1023s in all calls of the
fscanf() and scanf() functions.
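
The effect of the width limit described above, as an added example that is not code from cpdb-libs or from the patch: the function names, the demo harness and the constructed input (a run of 'A' characters followed by " end") are assumptions made for illustration. It reads two tokens from a temporary file with %1023s and reports how many characters each read stored.

```c
#include <stdio.h>
#include <string.h>

#define BUF_LEN 1024 /* buffer size given in the advisory */

/* Pre-patch pattern, shown for contrast and never called here: "%s" has no
 * width, so a token longer than BUF_LEN - 1 is written past the end of buf. */
int read_token_unbounded(FILE *fp, char buf[BUF_LEN])
{
    return fscanf(fp, "%s", buf);
}

/* Patched pattern: "%1023s" stores at most 1023 characters plus the NUL. */
int read_token_bounded(FILE *fp, char buf[BUF_LEN])
{
    return fscanf(fp, "%1023s", buf);
}

/* Constructed input: token_len 'A' characters, a space, then "end".
 * Reads two tokens with the bounded reader and reports their lengths.
 * Returns 0 on success, -1 if the temporary file or a read fails. */
int demo_bounded(size_t token_len, size_t *first_len, size_t *second_len)
{
    char first[BUF_LEN] = "", second[BUF_LEN] = "";
    FILE *fp = tmpfile();
    if (fp == NULL)
        return -1;
    for (size_t i = 0; i < token_len; i++)
        fputc('A', fp);
    fputs(" end\n", fp);
    rewind(fp);
    int ok = read_token_bounded(fp, first) == 1 &&
             read_token_bounded(fp, second) == 1;
    fclose(fp);
    *first_len = strlen(first);
    *second_len = strlen(second);
    return ok ? 0 : -1;
}

int main(void)
{
    size_t a, b;
    if (demo_bounded(2000, &a, &b) == 0)
        printf("2000-char token: first=%zu second=%zu\n", a, b);
    if (demo_bounded(10, &a, &b) == 0)
        printf("10-char token: first=%zu second=%zu\n", a, b);
    return 0;
}
```

The width limit truncates silently: the characters beyond 1023 stay in the stream and come back as the next token, so a caller that must reject over-long input has to check for that itself.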

Notes

Author Note
alexmurray: in B, F, J and K the affected code appears to be contained in lib/frontend_helper.c and demo/print_frontend.c respectively

OS      OS Version  Architecture  Package    Package Version              Filename
ubuntu  18.04       noarch        cpdb-libs  < any                        UNKNOWN
ubuntu  20.04       noarch        cpdb-libs  < 1.2.0-0ubuntu7.1           UNKNOWN
ubuntu  22.04       noarch        cpdb-libs  < 1.2.0-0ubuntu8.1.22.04.1   UNKNOWN
ubuntu  22.10       noarch        cpdb-libs  < 1.2.0-0ubuntu8.1.22.10.1   UNKNOWN
ubuntu  23.04       noarch        cpdb-libs  < 2.0~b4-0ubuntu2.1          UNKNOWN
ubuntu  23.10       noarch        cpdb-libs  < 2.0~b4-0ubuntu4            UNKNOWN
ubuntu  24.04       noarch        cpdb-libs  < 2.0~b4-0ubuntu4            UNKNOWN
