PT-2019-5320 · Apple+4 · Macos Mojave+8

Stephan Zeisberg

·

Publicado

2019-08-14

·

Atualizado

2024-06-15

·

CVE-2019-8696

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions CUPS versions prior to the version included in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra
Description The issue is caused by a buffer overflow in the asn1 get packed function of the libcups library in the CUPS print server. This can be exploited by a remote attacker to cause a denial of service. An attacker in a privileged network position may be able to execute arbitrary code due to a buffer overflow issue, which has been addressed with improved memory handling.
Recommendations For versions prior to the fixed version, consider applying the Security Update 2019-004 to High Sierra or Sierra, or updating to macOS Mojave 10.14.6 to resolve the issue. As a temporary workaround, consider restricting access to the CUPS print server to minimize the risk of exploitation.

Correção

Stack Overflow

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-121CWE-120

Identificadores relacionados

BDU:2020-02388
CESA-2020_1765
CESA-2020_3864
CVE-2019-8696
DLA-1893-1
MGASA-2020-0248
OPENSUSE-SU-2019:2573-1
OPENSUSE-SU-2019:2575-1
OPENSUSE-SU-2019_2573-1
OPENSUSE-SU-2019_2575-1
OPENSUSE-SU-2024:10707-1
RHSA-2020:1765
RHSA-2020:3864
RHSA-2020_1765
RHSA-2020_3864
SUSE-SU-2019:14229-1
SUSE-SU-2019:3030-1
SUSE-SU-2019:3057-1
SUSE-SU-2019_14229-1
USN-4105-1

Produtos afetados

Cups
Centos
High Sierra
Red Hat
Sierra
Suse
Ubuntu
Libcups
Macos Mojave