PT-2023-3514 · Openprinting+9 · Cups+9

Azero13 · Published 2023-06-22 · Updated 2025-02-03 · CVE-2023-34241

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

OpenPrinting CUPS versions 2.0.0 through 2.4.6

Description

The issue is a use-after-free bug that impacts the entire cupsd process. It occurs in scheduler/client.c when httpClose(con->http) is called, which frees the pointer at the end of the call, and cupsdLogClient then passes that pointer to httpGetHostname. This happens in the function cupsdAcceptClient if LogLevel is warn or higher, under two scenarios: a double-lookup for the IP address fails to resolve, or CUPS is compiled with TCP wrappers and the connection is refused by rules from /etc/hosts.allow and /etc/hosts.deny.

Recommendations

To resolve the issue, update to version 2.4.6 or later, as it includes a patch for this problem. As a temporary workaround in versions prior to 2.4.6, consider restricting LogLevel to a setting lower than warn to minimize the risk of exploitation. Also restrict access to the /etc/hosts.allow and /etc/hosts.deny files to prevent unauthorized modifications that could lead to exploitation in versions prior to 2.4.6.
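
As an added example (not part of this advisory or of CUPS), the following Python sketch reads cupsd.conf text and reports whether the logging precondition and the double-lookup scenario from the description apply to that configuration. The level ordering, the defaults (LogLevel warn, HostNameLookups Off) and the last-occurrence-wins rule are assumptions taken from the cupsd.conf documentation, and the sample configuration is constructed.

```python
# Added example: checks cupsd.conf text against the conditions named in the description.
# Assumption: level order and defaults as documented for cupsd.conf, least to most verbose.
LEVELS = ["none", "emerg", "alert", "crit", "error",
          "warn", "notice", "info", "debug", "debug2"]
DEFAULTS = {"loglevel": "warn", "hostnamelookups": "off"}

# Constructed sample, not taken from a real host.
SAMPLE_CONF = """\
# cupsd.conf (sample)
LogLevel warn
HostNameLookups Double
Listen localhost:631
"""


def effective_directives(conf_text):
    """Return the effective value of each directive of interest.

    Directive names are matched case-insensitively and the last
    occurrence is taken (assumption: cupsd applies directives in order).
    """
    seen = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in seen:
            seen[parts[0].lower()] = parts[1].strip().lower()
    return seen


def assess(conf_text):
    """Report which conditions from the advisory text hold for this config."""
    d = effective_directives(conf_text)
    level = d["loglevel"]
    # An unrecognised level is treated as "logging enabled" so the check fails closed.
    logs_warn = level not in LEVELS or LEVELS.index(level) >= LEVELS.index("warn")
    return {
        "loglevel": level,
        "logging_precondition": logs_warn,
        "double_lookup_path": logs_warn and d["hostnamelookups"] == "double",
        # TCP wrappers support is a build-time option; cupsd.conf cannot reveal it.
        "tcp_wrappers_path": "unknown" if logs_warn else False,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_CONF))
    print(assess(SAMPLE_CONF.replace("LogLevel warn", "LogLevel error")))
```

A result of "unknown" for the TCP wrappers path means the build options of the installed cupsd binary have to be checked separately.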

Exploit

Fix

DoS

Use After Free


Weakness Enumeration

Related identifiers

ALSA-2023:6596
ALSA-2023:7165
ALT-PU-2023-5990
ALT-PU-2023-6178
ALT-PU-2023-6721
ALT-PU-2024-4621
AZL-37074
AZL-37099
BDU:2023-03719
CESA-2023_7165
CVE-2023-34241
DLA-3476-1
GHSA-QJGH-5HCQ-5F25
MGASA-2023-0223
OESA-2023-1410
OPENSUSE-SU-2024:13017-1
RHSA-2023:6596
RHSA-2023:7165
RHSA-2023_6596
RHSA-2023_7165
RHSA-2024:1101
RHSA-2024:1409
ROSA-SA-2024-2377
SUSE-SU-2023:2616-1
SUSE-SU-2023:3706-1
SUSE-SU-2023_2616-1
SUSE-SU-2025:20090-1
USN-6184-1
USN-6184-2

Affected products

ALT Linux
AlmaLinux
Astra Linux
CUPS
CentOS
Linux Mint
Apple macOS
Red Hat
SUSE
Ubuntu