Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

0

CVE-2023-34241

Disclosure Date: June 22, 2023 •

CVE-2023-34241 CVSS v3 Base Score: 7.1

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.

The exact cause of this issue is the function httpClose(con->http) being called in scheduler/client.c. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function cupsdAcceptClient if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in cupsd.conf) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from /etc/hosts.allow and /etc/hosts.deny.

Version 2.4.6 has a patch for this issue.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.1 High

Impact Score:

5.2

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

None

Availability (A):

High

Vendors

apple,
debian,
fedoraproject,
openprinting

Products

cups,
debian linux 10.0,
fedora 37,
fedora 38,
macos

References

Canonical

CVE-2023-34241 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34241)

Miscellaneous

https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25

https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2

https://github.com/OpenPrinting/cups/releases/tag/v2.4.6

http://www.openwall.com/lists/oss-security/2023/06/23/10

http://www.openwall.com/lists/oss-security/2023/06/26/1

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/

https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/

https://support.apple.com/kb/HT213843

https://support.apple.com/kb/HT213844

https://support.apple.com/kb/HT213845

Rapid7

Technical Analysis