PT-2019-5321 · Apple+4 · Cups+5

Stephan Zeisberg

Publicado

2019-08-14

Atualizado

2020-10-29

CVE-2019-8675

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions macOS versions prior to 10.14.6 Security Update versions prior to 2019-004 for High Sierra and Sierra

Description A buffer overflow issue was addressed with improved memory handling. An attacker in a privileged network position may be able to execute arbitrary code. The issue is related to the asn1 get type function in the libcups library of the CUPS print server, which can cause a stack-based buffer overflow. Exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations For macOS versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For High Sierra and Sierra, apply Security Update 2019-004 or later. As a temporary workaround, consider restricting access to the CUPS print server until a patch is available.

Correção

Stack Overflow

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-121CWE-120

Identificadores relacionados

BDU:2020-02389

CESA-2020_1765

CESA-2020_3864

CVE-2019-8675

DLA-1893-1

MGASA-2020-0248

OPENSUSE-SU-2019:2573-1

OPENSUSE-SU-2019:2575-1

OPENSUSE-SU-2019_2573-1

OPENSUSE-SU-2019_2575-1

RHSA-2020:1765

RHSA-2020:3864

RHSA-2020_1765

RHSA-2020_3864

SUSE-SU-2019:14229-1

SUSE-SU-2019:3030-1

SUSE-SU-2019:3057-1

SUSE-SU-2019_14229-1

SUSE-SU-2019_3030-1

SUSE-SU-2019_3057-1

USN-4105-1

Produtos afetados

Cups

Centos

Red Hat

Suse

Ubuntu

Apple Macos

PT-2019-5321 · Apple+4 · Cups+5

CVE-2019-8675

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 43