2209603 – (CVE-2023-32324) CVE-2023-32324 cups: heap buffer overflow may lead to DoS

Bug 2209603 (CVE-2023-32324) - CVE-2023-32324 cups: heap buffer overflow may lead to DoS

Summary: CVE-2023-32324 cups: heap buffer overflow may lead to DoS

Keywords:
Status:	NEW
Alias:	CVE-2023-32324
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2209611 2209612 2209610 2214939
Blocks:	2209348
TreeView+	depends on / blocked

Reported:	2023-05-24 08:24 UTC by Marian Rehak
Modified:	2023-07-07 08:28 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the Cups package. A buffer overflow vulnerability in the \|format_log_line\| function could allow remote attackers to cause a denial of service. Exploitation is only possible when the configuration file, cupsd.conf, has the value of loglevel set to DEBUG.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Marian Rehak 2023-05-24 08:24:28 UTC

A buffer overflow vulnerability in the function |format_log_line| could allow remote attackers to cause a denial-of-service(DoS) on the affected  system (not verified for possible arbitrary code execution). Exploitation of the vulnerability can be triggered when the  configuration file |cupsd.conf| sets the value of |loglevel |to |DEBUG|.

Comment 5 Marian Rehak 2023-06-14 07:47:27 UTC

Created cups tracking bugs for this issue:

Affects: fedora-all [bug 2214939]

Note You need to log in before you can comment on or make changes to this bug.