CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can be made to send a `Get-Printer-Attributes` IPP request to an attacker-controlled URL. When combined with other vulnerabilities, such as CVE-2024-47076, CVE-2024-47175, and CVE-2024-47177, an attacker can execute arbitrary commands remotely on the target machine without authentication when a malicious printer is printed to.
Reserved 2024-09-19 | Published 2024-09-26 | Updated 2024-10-02 | Assigner GitHub_M
CWE-1327: Binding to an Unrestricted IP Address
github.com/...rowsed/security/advisories/GHSA-rj88-6mr5-rcw8
github.com/...ilters/security/advisories/GHSA-p9rh-jxmq-gq47
github.com/...ilters/security/advisories/GHSA-w63j-6g73-wmg5
github.com/...libppd/security/advisories/GHSA-7xfx-47qg-grp6
github.com/...cups-browsed/blob/master/daemon/cups-browsed.c
www.evilsocket.net/...Attacking-UNIX-systems-via-CUPS-Part-I
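A host-side check for the wildcard bind on port 631 described above, as an added example that is not part of the CVE record or the CUPS project's code. It parses the Linux `/proc/net/udp` table layout; the record gives only `INADDR_ANY:631`, so reading the UDP tables is an assumption, and the sample rows and function names are constructed for illustration.

```python
"""Flag sockets bound to a wildcard address on the IPP port (631)."""
from pathlib import Path

IPP_PORT = 631

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20001 2 0000000000000000 0
  102: 0100007F:0277 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 20002 2 0000000000000000 0
  103: 00000000:14E9 00000000:0000 07 00000000:00000000 00:00000000 00000000   112        0 20003 2 0000000000000000 0
"""


def wildcard_listeners(table: str, port: int = IPP_PORT) -> list:
    """Return rows of a /proc/net/udp{,6} table bound to an all-zero address on `port`."""
    hits = []
    for line in table.splitlines()[1:]:      # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue                         # blank or truncated row
        addr_hex, _, port_hex = fields[1].partition(":")
        try:
            local_port = int(port_hex, 16)
            # 0.0.0.0 and :: are all zeros, so host byte order does not matter.
            is_wildcard = int(addr_hex, 16) == 0
        except ValueError:
            continue
        if local_port == port and is_wildcard:
            family = "IPv6" if len(addr_hex) == 32 else "IPv4"
            hits.append({"family": family, "uid": int(fields[7]), "inode": fields[9]})
    return hits


def scan_host() -> list:
    """Run the same check against the live tables, where they exist."""
    hits = []
    for name in ("/proc/net/udp", "/proc/net/udp6"):
        path = Path(name)
        if path.exists():
            hits += wildcard_listeners(path.read_text())
    return hits


if __name__ == "__main__":
    for hit in wildcard_listeners(SAMPLE_PROC_NET_UDP):
        print(hit)
```

The reported inode can be matched against the `socket:[inode]` links under `/proc/<pid>/fd` to identify the owning process.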