PT-2023-3598 · Openprinting+8 · Openprinting Cups+8

Songxpu · Published 2023-06-01 · Updated 2025-02-03 · CVE-2023-32324

CVSS v2.0: 7.8 High
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: OpenPrinting CUPS versions 2.4.2 and prior

Description: The issue is a heap buffer overflow vulnerability that could allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow in the function format_log_line could allow remote attackers to cause a DoS on the affected system. The vulnerability can be triggered when the configuration file cupsd.conf sets the value of loglevel to DEBUG.

Recommendations: For OpenPrinting CUPS versions 2.4.2 and prior, as a temporary workaround, consider setting the loglevel in the cupsd.conf configuration file to a value other than DEBUG to minimize the risk of exploitation. Additionally, consider restricting access to the format_log_line function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
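
A check for the workaround above, as an added example (not part of the original advisory and not code from the CUPS project). It assumes the configuration lives at /etc/cups/cupsd.conf, that directive names and values are case-insensitive, that the last LogLevel line wins, that a missing directive means the default `warn`, and that the more verbose `debug2` level should be flagged along with `debug`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit cupsd.conf for the LogLevel condition described above.

# Print the effective LogLevel (lowercased) of a cupsd.conf-style file.
# Assumptions: names and values are case-insensitive, the last LogLevel
# line wins, and an absent directive means the default "warn".
cups_loglevel() {
    awk '
        { sub(/#.*/, "") }    # drop comments so "# LogLevel debug" is ignored
        tolower($1) == "loglevel" && NF >= 2 { level = tolower($2) }
        END { print (level == "" ? "warn" : level) }
    ' "$1"
}

# Return 0 when the file enables debug logging (debug or debug2), else 1.
cups_debug_logging_enabled() {
    case "$(cups_loglevel "$1")" in
        debug|debug2) return 0 ;;
        *) return 1 ;;
    esac
}

# Report on one file: 0 = not debug, 1 = debug logging on, 2 = unreadable.
# The default path is an assumption; pass another path as the first argument.
audit_cupsd_conf() {
    conf="${1:-/etc/cups/cupsd.conf}"
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    level=$(cups_loglevel "$conf")
    if cups_debug_logging_enabled "$conf"; then
        echo "$conf: LogLevel $level - set a non-debug level (e.g. warn) and restart cupsd"
        return 1
    fi
    echo "$conf: LogLevel $level - not DEBUG"
    return 0
}

# Constructed sample (not from a real system): the later directive wins.
sample=$(mktemp)
printf '%s\n' '# LogLevel debug' 'LogLevel warn' 'Listen localhost:631' \
    'loglevel DEBUG' > "$sample"
audit_cupsd_conf "$sample" || true
rm -f "$sample"
```

On a host, run `audit_cupsd_conf` with no argument to check the default path; a non-zero exit status makes it usable in a configuration-compliance job.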

Exploit

DoS

Memory Corruption

Heap Based Buffer Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2023:6596
ALSA-2023:7165
ALT-PU-2023-5990
ALT-PU-2023-6178
ALT-PU-2023-6721
ALT-PU-2024-4621
AZL-37073
AZL-37098
BDU:2023-03873
CESA-2023_7165
CVE-2023-32324
DLA-3440-1
GHSA-CXC6-W2G7-69P7
MGASA-2023-0198
OESA-2023-1335
OPENSUSE-SU-2024:12975-1
RHSA-2023:6596
RHSA-2023:7165
RHSA-2023_6596
RHSA-2023_7165
RHSA-2024:1101
RHSA-2024:1409
ROSA-SA-2024-2427
SUSE-SU-2023:2346-1
SUSE-SU-2023:2347-1
SUSE-SU-2023_2346-1
SUSE-SU-2023_2347-1
SUSE-SU-2025:20090-1
USN-6128-1
USN-6128-2

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Openprinting Cups
Red Hat
Suse
Ubuntu