PT-2019-5321 · Apple+4 · Cups+5

Stephan Zeisberg · Published 2019-08-14 · Updated 2020-10-29 · CVE-2019-8675

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

macOS versions prior to 10.14.6
Security Update versions prior to 2019-004 for High Sierra and Sierra

Description

A buffer overflow issue was addressed with improved memory handling. An attacker in a privileged network position may be able to execute arbitrary code. The issue is related to the asn1_get_type function in the libcups library of the CUPS print server, which can cause a stack-based buffer overflow. Exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations

For macOS versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For High Sierra and Sierra, apply Security Update 2019-004 or later. As a temporary workaround, consider restricting access to the CUPS print server until a patch is available.

Fix

Stack Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2020-02389
CESA-2020_1765
CESA-2020_3864
CVE-2019-8675
DLA-1893-1
MGASA-2020-0248
OPENSUSE-SU-2019:2573-1
OPENSUSE-SU-2019:2575-1
OPENSUSE-SU-2019_2573-1
OPENSUSE-SU-2019_2575-1
RHSA-2020:1765
RHSA-2020:3864
RHSA-2020_1765
RHSA-2020_3864
SUSE-SU-2019:14229-1
SUSE-SU-2019:3030-1
SUSE-SU-2019:3057-1
SUSE-SU-2019_14229-1
SUSE-SU-2019_3030-1
SUSE-SU-2019_3057-1
USN-4105-1

Affected Products

CUPS
CentOS
Red Hat
SUSE
Ubuntu
Apple macOS