PT-2024-8003 · Cups+7 · Cups Cups-Browsed+7
Habbie · Published 2024-09-26 · Updated 2026-05-13
CVE-2024-47850
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
CUPS cups-browsed versions prior to 2.5b1
Description
The issue is uncontrolled resource consumption in the CUPS cups-browsed service, which a remote attacker can exploit to cause a denial of service. It is also associated with a DDoS amplification attack: in response to a single IPP UDP packet requesting that a printer be added, the service sends an HTTP POST request to an arbitrary destination and port.
Recommendations
For versions prior to 2.5b1, update to version 2.5b1 or later to resolve the issue. As a temporary workaround, consider restricting access to the cups-browsed service to minimize the risk of exploitation. Avoid using the service to probe new printers until the issue is resolved.
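One way to check the temporary workaround on a host, as an added example that is not part of the original advisory or of the CUPS project: it parses the text of a cups-browsed.conf and reports whether legacy CUPS browsing (the `cups` value of `BrowseRemoteProtocols`) is enabled and whether `BrowseAllow` limits which senders are accepted. The sample configuration and the finding names are constructed, and the handling of unset directives is an assumption to verify against the installed version.

```python
# Added example: audits cups-browsed.conf text for the exposure described above.
# SAMPLE_CONF is constructed for illustration; the finding names are hypothetical.
SAMPLE_CONF = """\
# constructed sample, not taken from a real host
BrowseRemoteProtocols dnssd cups
BrowseAllow all
"""


def parse_directives(text):
    """Map each directive name (lower-cased) to the list of values it was given."""
    directives = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        directives.setdefault(parts[0].lower(), []).append(value)
    return directives


def audit(text):
    """Return finding codes for settings that leave legacy CUPS browsing reachable."""
    directives = parse_directives(text)
    protocol_lines = directives.get("browseremoteprotocols")
    if protocol_lines is None:
        # Assumption: an unset directive falls back to the packaged default,
        # which has to be checked separately for the installed version.
        return ["browse-remote-protocols-unset"]
    protocols = {p.lower() for line in protocol_lines
                 for p in line.replace(",", " ").split()}
    if "cups" not in protocols:
        return []
    findings = ["legacy-cups-browsing-enabled"]
    allowed = [v.lower() for v in directives.get("browseallow", [])]
    # Assumption: no BrowseAllow line, or "all", means any sender is accepted.
    if not allowed or "all" in allowed:
        findings.append("no-source-restriction")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

A configuration that passes this check still needs the update to 2.5b1 or later; the check only covers the interim access restriction.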
Fix
DoS
Resource Exhaustion
Affected Products
ALT Linux
Astra Linux
Cups Cups-Browsed
CentOS
Debian
Red Hat
RED OS
SUSE