PT-2020-6169 · Apple+8 · Apple Macos+9

Niky

Published

2020-12-14

Updated

2024-06-15

CVE-2020-10001

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions CUPS versions prior to the fixed version macOS versions prior to Big Sur 11.1 macOS Catalina versions prior to Security Update 2020-001 macOS Mojave versions prior to Security Update 2020-007

Description The issue is related to an input validation problem in the ippReadIO function of the cups/ipp.c component of the CUPS print server, which is associated with a lack of input data validation mechanism. This allows a remote attacker to gain access to confidential information. The problem was addressed with improved memory handling. A malicious application may be able to read restricted memory.

Recommendations For CUPS, update to a version that includes the fix for the input validation issue. For macOS Big Sur, update to version 11.1 or later. For macOS Catalina, apply Security Update 2020-001 or later. For macOS Mojave, apply Security Update 2020-007 or later.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2021:4393

ALT-PU-2021-1474

ALT-PU-2021-1508

ALT-PU-2022-2414

BDU:2021-03401

CESA-2021_4393

CVE-2020-10001

DLA-2800-1

MGASA-2021-0116

OESA-2021-1357

OPENSUSE-SU-2021:0253-1

OPENSUSE-SU-2021_0253-1

OPENSUSE-SU-2024:10707-1

RHSA-2021:4393

RHSA-2021_4393

RLSA-2021:4393

SUSE-SU-2021:0285-1

SUSE-SU-2021:0286-1

USN-5454-1

USN-5454-2

Affected Products

Alt Linux

Almalinux

Cups

Centos

Linuxmint

Apple Macos

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2020-6169 · Apple+8 · Apple Macos+9

CVE-2020-10001

Weakness Enumeration

Related Identifiers

Affected Products

References · 72