Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2019-8696 |
CWE-ID | CWE-121 |
Exploitation vector | Local network |
Public exploit | N/A |
Vulnerable software Subscribe |
cups (Alpine package) Operating systems & Components / Operating system package or component |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU23040
Risk: High
CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-8696
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing SNMP requests within the asn1_get_packed() function in cups/snmp.c. A remote attacker with access to the the SNMP service can send a specially crafted request to the application, trigger a stack-based buffer oveflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionscups (Alpine package): 2.2.2-r0 - 2.2.11-r0
External linkshttp://git.alpinelinux.org/aports/commit/?id=6f2628e207c537c621826025430a496c75d391c6
http://git.alpinelinux.org/aports/commit/?id=a32e693da9e322310101b4bd200d87fc718477c9
http://git.alpinelinux.org/aports/commit/?id=1e85ba7cf47c73eaf15e950267dba27e92ae3d1d
http://git.alpinelinux.org/aports/commit/?id=64af49ed3e853123c696b85177fc35a89b132627
http://git.alpinelinux.org/aports/commit/?id=98a722f7fed8e0634558ab336f366a1212fb9b27
http://git.alpinelinux.org/aports/commit/?id=aab6fd6ad9335b5dcd7ffbb1541583e2f722114d
http://git.alpinelinux.org/aports/commit/?id=d76f1a5eb2c5b7d28084d2409d4c37b49a3892fe
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.