CVE-2008-0882
RCETitle: Cups RCE
RCE
Proof Of Concept
No public PoC currently indexed for CVE-2008-0882.
CWE Category
CWE-119
Published Date
Feb 21, 2008
Modified Date
Apr 09, 2025
Exploit Status
Not Found
Score
10.0
CVSS v2.0
Exploit Probability (EPSS)
23.07%
Vulnerability Summary
CVE-2008-0882: Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.
Impacted Vendors
Reference Links
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html
http://secunia.com/advisories/28994
http://secunia.com/advisories/29067
http://secunia.com/advisories/29120
http://secunia.com/advisories/29132
http://secunia.com/advisories/29251
http://secunia.com/advisories/29420
http://secunia.com/advisories/29485
http://secunia.com/advisories/29603
http://secunia.com/advisories/29634
http://security.gentoo.org/glsa/glsa-200804-01.xml
http://www.cups.org/str.php?L2656
http://www.debian.org/security/2008/dsa-1530
http://www.mandriva.com/security/advisories?name=MDVSA-2008:050
http://www.mandriva.com/security/advisories?name=MDVSA-2008:051
http://www.redhat.com/support/errata/RHSA-2008-0157.html
http://www.securityfocus.com/bid/27906
http://www.securitytracker.com/id?1019473
http://www.ubuntu.com/usn/usn-598-1
http://www.vupen.com/english/advisories/2008/0623
http://www.vupen.com/english/advisories/2008/0924/references
https://bugzilla.redhat.com/show_bug.cgi?id=433758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9625
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00792.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00832.html
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html
http://secunia.com/advisories/28994
http://secunia.com/advisories/29067
http://secunia.com/advisories/29120
http://secunia.com/advisories/29132
http://secunia.com/advisories/29251
http://secunia.com/advisories/29420
http://secunia.com/advisories/29485
http://secunia.com/advisories/29603
http://secunia.com/advisories/29634
http://security.gentoo.org/glsa/glsa-200804-01.xml
http://www.cups.org/str.php?L2656
http://www.debian.org/security/2008/dsa-1530
http://www.mandriva.com/security/advisories?name=MDVSA-2008:050
http://www.mandriva.com/security/advisories?name=MDVSA-2008:051
http://www.redhat.com/support/errata/RHSA-2008-0157.html
http://www.securityfocus.com/bid/27906
http://www.securitytracker.com/id?1019473
http://www.ubuntu.com/usn/usn-598-1
http://www.vupen.com/english/advisories/2008/0623
http://www.vupen.com/english/advisories/2008/0924/references
https://bugzilla.redhat.com/show_bug.cgi?id=433758
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9625
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00792.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00832.html
CVSS v2.0
Source Entity
[email protected]
Severity
HIGH
10.0
Access Vector
N/A
Authentication
N/A
RAW VECTOR
AV:N/AC:L/Au:N/C:C/I:C/A:C
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
Likelihood
Severity
Page /
CVE-2008-0882 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
MODIFIED
Vulnerability data or affected products updated.
PUBLISHED
Vulnerability first announced in NVD.
Attack Vector Matrix
Access Vector
N/A
Complexity
N/A
Privileges
N/A
Interaction
NONE
CVSS Vector String
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Stack
No specific products linked.