← back
CVE-2024-47176

cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source

CVSS 5.3 MEDIUMEPSS 62.3%CWE-1327
In short

cups-browsed listens on all network interfaces (INADDR_ANY) on port 631 and accepts printer discovery packets from any source without verification. An attacker can send malicious printer information to trigger vulnerable code paths that, combined with other flaws, may lead to remote command execution.

Technical detail

cups-browsed binds to INADDR_ANY:631 and processes untrusted IPP (Internet Printing Protocol) packets without source validation, allowing an attacker on the network to send crafted Get-Printer-Attributes requests. This network exposure, combined with chaining vulnerabilities CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, enables remote code execution when a user interacts with a malicious printer advertisement.

Summary generated and translated by AI from the official description.
CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected products
OpenPrinting · cups-browsed

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/OpenPrinting/cups-browsed/blob/master/daemon/cups-browsed.c#L13992https://github.com/OpenPrinting/cups-browsed/commit/1debe6b140c37e0aa928559add4abcc95ce54aa2https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6https://lists.debian.org/debian-lts-announce/2024/09/msg00048.htmlhttps://security.netapp.com/advisory/ntap-20241011-0001/https://www.cups.orghttps://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-Ihttp://www.openwall.com/lists/oss-security/2024/09/27/6http://www.openwall.com/lists/oss-security/2025/09/11/2