Vulnerability Report

CVE-2023-34241

Title: OpenPrinting CUPS Use-After-Free

Use-After-Free, DoS

Proof Of Concept

No public PoC currently indexed for CVE-2023-34241.

CWE Category CWE-416
Published Date Jun 22, 2023
Modified Date Nov 21, 2024
Exploit Status Not Found
Score 5.3 CVSS v3.1
Exploit Probability (EPSS)
0.05%

Vulnerability Summary

CVE-2023-34241: OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue.

Impacted Vendors

E
easy_software_products 1
O
openprinting 1

Reference Links

http://www.openwall.com/lists/oss-security/2023/06/23/10 http://www.openwall.com/lists/oss-security/2023/06/26/1 https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2 https://github.com/OpenPrinting/cups/releases/tag/v2.4.6 https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25 https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html https://lists.fedoraproject.org/archives/list/[email protected]/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/ https://lists.fedoraproject.org/archives/list/[email protected]/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/ https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845 http://www.openwall.com/lists/oss-security/2023/06/23/10 http://www.openwall.com/lists/oss-security/2023/06/26/1 https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2 https://github.com/OpenPrinting/cups/releases/tag/v2.4.6 https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25 https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html https://lists.fedoraproject.org/archives/list/[email protected]/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/ https://lists.fedoraproject.org/archives/list/[email protected]/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/ https://support.apple.com/kb/HT213843 https://support.apple.com/kb/HT213844 https://support.apple.com/kb/HT213845
CVSS v3.1
Source Entity [email protected]
Severity MEDIUM
5.3
Attack Vector
NETWORK
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS v3.1
Source Entity [email protected]
Severity HIGH
7.1
Attack Vector
LOCAL
Complexity
LOW
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2023-34241 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Stack

No specific products linked.