CVE-2023-0856 : Buffer overflow in IPP sides attribute process of Office / Small Office Multifun

Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *:Satera LBP660C Series/LBP620C Series/MF740C Series/MF640C Series firmware Ver.11.04 and earlier sold in Japan. Color imageCLASS LBP660C Series/LBP 620C Series/X LBP1127C/MF740C Series/MF640C Series/X MF1127C firmware Ver.11.04 and earlier sold in US. i-SENSYS LBP660C Series/LBP620C Series/MF740C Series/MF640C Series, C1127P, C1127iF, C1127i firmware Ver.11.04 and earlier sold in Europe.

Published 2023-05-11 13:15:13

Updated 2023-05-20 00:43:55

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionExecute code

Products affected by CVE-2023-0856

Canon » Mf1127c Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf1127c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf1127c » Version: N/A
Canon » Mf641cw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf641cw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf641cw » Version: N/A
Canon » Mf642cdw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf642cdw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf642cdw » Version: N/A
Canon » Mf644cdw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf644cdw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf644cdw » Version: N/A
Canon » Mf741cdw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf741cdw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf741cdw » Version: N/A
Canon » Mf743cdw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf743cdw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf743cdw » Version: N/A
Canon » Mf745cdw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf745cdw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf745cdw » Version: N/A
Canon » Mf746cdw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf746cdw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf746cdw » Version: N/A
Canon » Lbp1127c Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:lbp1127c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Lbp1127c » Version: N/A
Canon » Lbp622cdw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:lbp622cdw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Lbp622cdw » Version: N/A
Canon » Lbp623cdw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:lbp623cdw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Lbp623cdw » Version: N/A
Canon » Lbp664cdw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:lbp664cdw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Lbp664cdw » Version: N/A
Canon » Lbp621c Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:lbp621c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Lbp621c » Version: N/A
Canon » Lbp622c Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:lbp622c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Lbp622c » Version: N/A
Canon » Lbp661c Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:lbp661c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Lbp661c » Version: N/A
Canon » Lbp662c Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:lbp662c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Lbp662c » Version: N/A
Canon » Lbp664c Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:lbp664c_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Lbp664c » Version: N/A
Canon » Mf262dw Ii Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf262dw_ii_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf262dw Ii » Version: N/A
Canon » Mf264dw Ii Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf264dw_ii_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf264dw Ii » Version: N/A
Canon » Mf267dw Ii Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf267dw_ii_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf267dw Ii » Version: N/A
Canon » Mf269dw Ii Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf269dw_ii_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf269dw Ii » Version: N/A
Canon » Mf269dw Vp Ii Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf269dw_vp_ii_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf269dw Vp Ii » Version: N/A
Canon » Mf272dw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf272dw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf272dw » Version: N/A
Canon » Mf273dw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf273dw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf273dw » Version: N/A
Canon » Mf275dw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:mf275dw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Mf275dw » Version: N/A
Canon » Lbp122dw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:lbp122dw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Lbp122dw » Version: N/A
Canon » Imageprograf Tc-20 Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:imageprograf_tc-20_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Imageprograf Tc-20 » Version: N/A
Canon » Imageprograf Tc-20m Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:imageprograf_tc-20m_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Imageprograf Tc-20m » Version: N/A
Canon » Pixma G3270 Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:pixma_g3270_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Pixma G3270 » Version: N/A
Canon » Pixma G4270 Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:pixma_g4270_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Pixma G4270 » Version: N/A
Canon » Maxify Gx3020 Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:maxify_gx3020_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Maxify Gx3020 » Version: N/A
Canon » Maxify Gx4020 Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:maxify_gx4020_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » Maxify Gx4020 » Version: N/A
Canon » I-sensys Lbp621cw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:i-sensys_lbp621cw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » I-sensys Lbp621cw » Version: N/A
Canon » I-sensys Lbp623cdw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:i-sensys_lbp623cdw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » I-sensys Lbp623cdw » Version: N/A
Canon » I-sensys Lbp633cdw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:i-sensys_lbp633cdw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » I-sensys Lbp633cdw » Version: N/A
Canon » I-sensys Lbp664cx Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:i-sensys_lbp664cx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » I-sensys Lbp664cx » Version: N/A
Canon » I-sensys Mf641cw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:i-sensys_mf641cw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » I-sensys Mf641cw » Version: N/A
Canon » I-sensys Mf643cdw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:i-sensys_mf643cdw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » I-sensys Mf643cdw » Version: N/A
Canon » I-sensys Mf645cx Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:i-sensys_mf645cx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » I-sensys Mf645cx » Version: N/A
Canon » I-sensys Mf742cdw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:i-sensys_mf742cdw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » I-sensys Mf742cdw » Version: N/A
Canon » I-sensys Mf744cdw Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:i-sensys_mf744cdw_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » I-sensys Mf744cdw » Version: N/A
Canon » I-sensys Mf746cx Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:i-sensys_mf746cx_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » I-sensys Mf746cx » Version: N/A
Canon » I-sensys X C1127i Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:i-sensys_x_c1127i_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » I-sensys X C1127i » Version: N/A
Canon » I-sensys X C1127if Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:i-sensys_x_c1127if_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » I-sensys X C1127if » Version: N/A
Canon » I-sensys X C1127p Firmware
Versions up to, including, (<=) 11.04
cpe:2.3:o:canon:i-sensys_x_c1127p_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Canon » I-sensys X C1127p » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-0856

EPSS FAQ

0.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 35 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-0856

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	MITRE
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-0856

CWE-121 Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

Assigned by: cve@mitre.org (Secondary)
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-0856

https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Vulnerabilities-Remediation-Against-Buffer-Overflow

Access Denied
Vendor Advisory

CVEs referencing this url
https://psirt.canon/advisory-information/cp2023-001/

CP2023-001 Vulnerabilities Mitigation/Remediation for Office / Small Office Multifunction Printers, Laser Printers and Inkjet Printers - Canon PSIRT
Vendor Advisory

CVEs referencing this url
https://www.canon-europe.com/support/product-security-latest-news/

Canon Product Security - Canon Europe
Vendor Advisory

CVEs referencing this url
https://canon.jp/support/support-info/230414vulnerability-response

スモールオフィス向け複合機、レーザービームプリンターおよびインクジェットプリンターに関する脆弱性対応について｜サポート｜キヤノン
Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-0856

Products affected by CVE-2023-0856

Exploit prediction scoring system (EPSS) score for CVE-2023-0856

CVSS scores for CVE-2023-0856

CWE ids for CVE-2023-0856

References for CVE-2023-0856