CVE-2024-47850

EPSS 0.17%
Veröffentlicht 04.10.2024 05:15:11
Zuletzt bearbeitet 21.11.2024 09:40:13
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellercups

≫

Produkt cups

Default Statusunknown

Version < 2.5b1

Version 1.0

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.17%	0.389

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://github.com/OpenPrinting/cups

https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq86-c7g6-r2h8

https://www.akamai.com/blog/security-research/october-cups-ddos-threat

http://www.openwall.com/lists/oss-security/2024/10/04/1

https://security.netapp.com/advisory/ntap-20241011-0002/

https://nvd.nist.gov/vuln/detail/CVE-2024-47850

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47850

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47850

EUVD