{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-47076", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-09-17T17:42:37.030Z", "datePublished": "2024-09-26T21:18:22.067Z", "dateUpdated": "2024-09-28T03:55:45.705Z"}, "containers": {"cna": {"title": "libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server", "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "lang": "en", "description": "CWE-20: Improper Input Validation", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5"}, {"name": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"}, {"name": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47"}, {"name": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6", "tags": ["x_refsource_MISC"], "url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"}, {"name": "https://www.cups.org", "tags": ["x_refsource_MISC"], "url": "https://www.cups.org"}, {"name": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I", "tags": ["x_refsource_MISC"], "url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I"}], "affected": [{"vendor": "OpenPrinting", "product": "libcupsfilters", "versions": [{"version": "<= 2.1b1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-26T22:01:09.793Z"}, "descriptions": [{"lang": "en", "value": "CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system."}], "source": {"advisory": "GHSA-w63j-6g73-wmg5", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "openprinting", "product": "libcupsfilters", "cpes": ["cpe:2.3:a:openprinting:libcupsfilters:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.1b1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-27T00:00:00+00:00", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2024-47076"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-28T03:55:45.705Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-27T19:40:44.986Z"}, "references": [{"url": "https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018"}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-09-27T19:40:44.986Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-47076", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-27T17:59:05.883824Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:openprinting:libcupsfilters:*:*:*:*:*:*:*:*"], "vendor": "openprinting", "product": "libcupsfilters", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.1b1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-27T18:03:19.816Z"}}], "cna": {"title": "libcupsfilters's cfGetPrinterAttributes5 does not validate IPP attributes returned from an IPP server", "source": {"advisory": "GHSA-w63j-6g73-wmg5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "OpenPrinting", "product": "libcupsfilters", "versions": [{"status": "affected", "version": "<= 2.1b1"}]}], "references": [{"url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5", "name": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8", "name": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47", "name": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6", "name": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6", "tags": ["x_refsource_MISC"]}, {"url": "https://www.cups.org", "name": "https://www.cups.org", "tags": ["x_refsource_MISC"]}, {"url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I", "name": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20: Improper Input Validation"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-09-26T22:01:09.793Z"}}}, "cveMetadata": {"cveId": "CVE-2024-47076", "state": "PUBLISHED", "dateUpdated": "2024-09-28T03:55:45.705Z", "dateReserved": "2024-09-17T17:42:37.030Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-09-26T21:18:22.067Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"descriptions": [{"lang": "en", "value": "CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system."}, {"lang": "es", "value": "CUPS es un sistema de impresi\u00f3n de c\u00f3digo abierto basado en est\u00e1ndares, y `libcupsfilters` contiene el c\u00f3digo de los filtros del antiguo paquete `cups-filters` como funciones de librer\u00eda que se utilizar\u00e1n para las tareas de conversi\u00f3n de formato de datos necesarias en las aplicaciones de impresora. La funci\u00f3n `cfGetPrinterAttributes5` en `libcupsfilters` no desinfecta los atributos IPP devueltos desde un servidor IPP. Cuando estos atributos IPP se utilizan, por ejemplo, para generar un archivo PPD, esto puede provocar que se proporcionen datos controlados por un atacante al resto del sistema CUPS."}], "id": "CVE-2024-47076", "lastModified": "2024-11-21T09:39:23.823", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-09-26T22:15:04.063", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8"}, {"source": "security-advisories@github.com", "url": "https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-p9rh-jxmq-gq47"}, {"source": "security-advisories@github.com", "url": "https://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5"}, {"source": "security-advisories@github.com", "url": "https://github.com/OpenPrinting/libppd/security/advisories/GHSA-7xfx-47qg-grp6"}, {"source": "security-advisories@github.com", "url": "https://www.cups.org"}, {"source": "security-advisories@github.com", "url": "https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/OpenPrinting/libcupsfilters/commit/95576ec3d20c109332d14672a807353cdc551018"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2024:7551", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "cups-filters-0:1.0.35-26.el7_7.3", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7553", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "cups-filters-0:1.0.35-29.el7_9.3", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7463", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "cups-filters-0:1.20.0-35.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2024-10-01T00:00:00Z"}, {"advisory": "RHSA-2024:7461", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "cups-filters-0:1.20.0-19.el8_2.2", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2024-10-01T00:00:00Z"}, {"advisory": "RHSA-2024:7504", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "cups-filters-0:1.20.0-24.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7504", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "cups-filters-0:1.20.0-24.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7504", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "cups-filters-0:1.20.0-24.el8_4.2", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7623", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "cups-filters-0:1.20.0-27.el8_6.3", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2024-10-03T00:00:00Z"}, {"advisory": "RHSA-2024:7623", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "cups-filters-0:1.20.0-27.el8_6.3", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2024-10-03T00:00:00Z"}, {"advisory": "RHSA-2024:7623", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "cups-filters-0:1.20.0-27.el8_6.3", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2024-10-03T00:00:00Z"}, {"advisory": "RHSA-2024:7462", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "cups-filters-0:1.20.0-29.el8_8.3", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2024-10-01T00:00:00Z"}, {"advisory": "RHSA-2024:7346", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "cups-filters-0:1.28.7-17.el9_4", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2024-09-27T00:00:00Z"}, {"advisory": "RHSA-2024:7506", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "cups-filters-0:1.28.7-10.el9_0.2", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2024-10-02T00:00:00Z"}, {"advisory": "RHSA-2024:7503", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "cups-filters-0:1.28.7-11.el9_2.2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2024-10-02T00:00:00Z"}], "bugzilla": {"description": "cups-filters: libcupsfilters: `cfGetPrinterAttributes` API does not perform sanitization on returned IPP attributes", "id": "2314253", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2314253"}, "csaw": true, "cvss3": {"cvss3_base_score": "8.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "status": "verified"}, "cwe": "CWE-20", "details": ["CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format conversion tasks needed in Printer Applications. The `cfGetPrinterAttributes5` function in `libcupsfilters` does not sanitize IPP attributes returned from an IPP server. When these IPP attributes are used, for instance, to generate a PPD file, this can lead to attacker controlled data to be provided to the rest of the CUPS system.", "A flaw was found in OpenPrinting CUPS. In certain conditions, a remote attacker can add a malicious printer or directly hijack an existing printer by replacing the valid IPP URL with a malicious one. Also, it is possible that due to a lack of validation of IPP attributes returned by the server, this issue allows attacker-controlled data to be used on the rest of the CUPS system."], "mitigation": {"lang": "en:us", "value": "See the security bulletin for a detailed mitigation procedure."}, "name": "CVE-2024-47076", "public_date": "2024-09-26T20:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-47076\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-47076\nhttps://github.com/OpenPrinting/libcupsfilters/security/advisories/GHSA-w63j-6g73-wmg5/\nhttps://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/"], "threat_severity": "Important"}