Vulnerability Details : CVE-2008-0882
Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.
Vulnerability category: OverflowMemory CorruptionExecute codeDenial of service
Products affected by CVE-2008-0882
- cpe:2.3:a:cups:cups:1.3.5:*:*:*:*:*:*:*
Threat overview for CVE-2008-0882
Top countries where our scanners detected CVE-2008-0882
Top open port discovered on systems with this issue
631
IPs affected by CVE-2008-0882 1
Find out if you* are
affected by CVE-2008-0882!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2008-0882
17.57%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-0882
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
CWE ids for CVE-2008-0882
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0882
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:051
Mandriva
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00792.html
[SECURITY] Fedora 8 Update: cups-1.3.6-2.fc8
-
http://security.gentoo.org/glsa/glsa-200804-01.xml
CUPS: Multiple vulnerabilities (GLSA 200804-01) — Gentoo security
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:050
Mandriva
-
http://www.securityfocus.com/bid/27906
-
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
-
http://www.debian.org/security/2008/dsa-1530
[SECURITY] [DSA 1530-1] New cupsys packages fix multiple vulnerabilities
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9625
404 Not Found
-
http://www.cups.org/str.php?L2656
Page Has Moved - CUPS.org
-
http://www.ubuntu.com/usn/usn-598-1
USN-598-1: CUPS vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.securitytracker.com/id?1019473
Access Denied
-
http://www.vupen.com/english/advisories/2008/0623
Site en construction
-
http://docs.info.apple.com/article.html?artnum=307562
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00832.html
[SECURITY] Fedora 7 Update: cups-1.2.12-9.fc7
-
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00000.html
[security-announce] SUSE Security Announcement: cups (SUSE-SA:2008:012) - openSUSE Security Announce - openSUSE Mailing Lists
-
http://www.redhat.com/support/errata/RHSA-2008-0157.html
Support
-
https://bugzilla.redhat.com/show_bug.cgi?id=433758
433758 – (CVE-2008-0882) CVE-2008-0882 cups: double free vulnerability in process_browse_data()
-
http://www.vupen.com/english/advisories/2008/0924/references
Webmail: access your OVH emails on ovhcloud.com | OVHcloud
Jump to