Attacker Value
Unknown
CVE-2010-2941
CVE-2010-2941
(Last updated February 03, 2024) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
9.8 Critical
Impact Score:
5.9
Exploitability Score:
3.9
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High
General Information
Products
- cups,
- debian linux 5.0,
- enterprise linux 5.0,
- enterprise linux 6.0,
- enterprise linux desktop 5.0,
- enterprise linux server 5.0,
- enterprise linux workstation 5.0,
- fedora 12,
- fedora 13,
- fedora 14,
- linux enterprise 10.0,
- linux enterprise 11.0,
- linux enterprise server 9,
- mac os x,
- mac os x server,
- opensuse 11.1,
- opensuse 11.2,
- opensuse 11.3,
- ubuntu linux 10.04,
- ubuntu linux 10.10,
- ubuntu linux 6.06,
- ubuntu linux 8.04,
- ubuntu linux 9.10
References
Advisory
