5.3

CVE-2017-18248

Exploit
The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when D-Bus support is enabled, can be crashed by remote attackers by sending print jobs with an invalid username, related to a D-Bus notification.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleCups Version < 2.2.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.26% 0.807
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.3 1.6 3.6
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.debian.org/debian-lts-announce/2018/07/msg00003.html
https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3
Patch
Third Party Advisory
https://github.com/apple/cups/issues/5143
Third Party Advisory
Exploit
https://github.com/apple/cups/releases/tag/v2.2.6
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/05/msg00018.html
https://security.cucumberlinux.com/security/details.php?id=346
Third Party Advisory
Exploit
https://usn.ubuntu.com/3713-1/