CVE-2023-32324

OpenPrinting CUPS vulnerable to heap buffer overflow

CVSS 7.5 HIGH · EPSS 1.5% · CWE-122 · CWE-787
In short

OpenPrinting CUPS has a memory overflow bug in its logging function that can crash the print server when debug logging is enabled. An attacker can remotely trigger this crash, disrupting printing services.

Technical detail

A heap buffer overflow in the `format_log_line` function allows remote attackers to cause denial of service when `loglevel` is set to `DEBUG` in `cupsd.conf`. The vulnerability affects CUPS versions 2.4.2 and prior; exploitation requires the debug logging configuration to be active.

Summary generated and translated by AI from the official description.
OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel` to `DEBUG`. No known patches or workarounds exist at time of publication.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected products
OpenPrinting · cups
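
A host-side check for the precondition described above, added here as an example (it is not from the advisory or the CUPS project): it reports whether the effective log level in a `cupsd.conf` is `debug` and whether a supplied version falls in the affected range. It assumes the last `LogLevel` line wins and that `warn` applies when none is set; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the advisory or from CUPS.

# effective_loglevel FILE: print the log level cupsd would use, lowercased.
# Assumptions: directive names are case-insensitive, '#' starts a comment,
# the last LogLevel line wins, and "warn" applies when none is set.
effective_loglevel() {
    awk '
        { sub(/#.*/, "") }    # strip comments, including commented-out directives
        tolower($1) == "loglevel" && NF >= 2 { level = tolower($2) }
        END { print (level == "" ? "warn" : level) }
    ' "$1"
}

# version_affected VER: succeed if VER is 2.4.2 or earlier (the advisory's range).
# Components are compared numerically, so 2.4.10 sorts after 2.4.2.
version_affected() {
    printf '%s\n' "$1" | awk -F. '
        { v = $1 * 1000000 + $2 * 1000 + $3
          exit !(v <= 2004002) }'
}

# cups_debug_exposure FILE VER: print a one-word verdict for this host.
cups_debug_exposure() {
    level=$(effective_loglevel "$1")
    if [ "$level" != "debug" ]; then
        echo "debug-off"                 # the stated trigger condition is absent
    elif version_affected "$2"; then
        echo "exposed"                   # debug logging on an affected version
    else
        echo "debug-on-later-version"    # debug logging, version outside the range
    fi
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# LogLevel warn
LogLevel info
MaxLogSize 0
loglevel DEBUG   # turned on while troubleshooting
EOF

cups_debug_exposure "$sample" "2.4.2"
```

On a real host, pass the path of the installed `cupsd.conf` and the installed CUPS version in place of the sample values.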
