PT-2019-5320 · Apple+4 · Macos Mojave+8

Stephan Zeisberg · Published 2019-08-14 · Updated 2024-06-15 · CVE-2019-8696

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CUPS versions prior to the version included in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra

Description

The issue is a buffer overflow in the asn1_get_packed function of the libcups library in the CUPS print server. A remote attacker can exploit it to cause a denial of service, and an attacker in a privileged network position may be able to execute arbitrary code. The buffer overflow was addressed with improved memory handling.

Recommendations

For versions prior to the fixed version, consider applying Security Update 2019-004 to High Sierra or Sierra, or updating to macOS Mojave 10.14.6 to resolve the issue. As a temporary workaround, consider restricting access to the CUPS print server to minimize the risk of exploitation.

Fix

Stack Overflow

Buffer Overflow


Weakness Enumeration

Related Identifiers

BDU:2020-02388
CESA-2020_1765
CESA-2020_3864
CVE-2019-8696
DLA-1893-1
MGASA-2020-0248
OPENSUSE-SU-2019:2573-1
OPENSUSE-SU-2019:2575-1
OPENSUSE-SU-2019_2573-1
OPENSUSE-SU-2019_2575-1
OPENSUSE-SU-2024:10707-1
RHSA-2020:1765
RHSA-2020:3864
RHSA-2020_1765
RHSA-2020_3864
SUSE-SU-2019:14229-1
SUSE-SU-2019:3030-1
SUSE-SU-2019:3057-1
SUSE-SU-2019_14229-1
USN-4105-1

Affected Products

Cups
Centos
High Sierra
Red Hat
Sierra
Suse
Ubuntu
Libcups
Macos Mojave