Stack-based buffer overflow in cups (Alpine package)

1) Stack-based buffer overflow

EUVDB-ID: #VU23042

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-8675

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing SNMP requests within the asn1_get_type() function in cups/snmp.c. A remote attacker can send a specially crafted SNMP request to the CUPS service, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

cups (Alpine package): 2.2.2-r0 - 2.2.11-r0

External links

http://git.alpinelinux.org/aports/commit/?id=6f2628e207c537c621826025430a496c75d391c6
http://git.alpinelinux.org/aports/commit/?id=a32e693da9e322310101b4bd200d87fc718477c9
http://git.alpinelinux.org/aports/commit/?id=1e85ba7cf47c73eaf15e950267dba27e92ae3d1d
http://git.alpinelinux.org/aports/commit/?id=64af49ed3e853123c696b85177fc35a89b132627
http://git.alpinelinux.org/aports/commit/?id=98a722f7fed8e0634558ab336f366a1212fb9b27
http://git.alpinelinux.org/aports/commit/?id=aab6fd6ad9335b5dcd7ffbb1541583e2f722114d
http://git.alpinelinux.org/aports/commit/?id=d76f1a5eb2c5b7d28084d2409d4c37b49a3892fe

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.