5.3
CVE-2017-18248
- EPSS 2.26%
- Veröffentlicht 26.03.2018 17:29:00
- Zuletzt bearbeitet 21.11.2024 03:19:40
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.26% | 0.807 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 1.6 | 3.6 |
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 3.5 | 6.8 | 2.9 |
AV:N/AC:M/Au:S/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html
https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3
https://github.com/apple/cups/issues/5143
https://github.com/apple/cups/releases/tag/v2.2.6
https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html
https://security.cucumberlinux.com/security/details.php?id=346
https://usn.ubuntu.com/3713-1/