CVE-2023-32324
medium
CVSS v3
-
CVSS v4
-
VIR risk
5.5
Description
RHSA-2023:7165: cups security and bug fix update (Moderate)
Predictions
Exploit likelihood
20%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
Source: Red Hat Errata - Red Hat Inc. · Open-Errata-API
Description
cups: heap buffer overflow may lead to DoS
CVSS v3: 5.9 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
Errata / fixed releases
| Product | Package | Advisory | Released |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | cups-1:2.2.6-54.el8_9 | RHSA-2023:7165 | 2023-11-14T00:00:00Z |
| Red Hat Enterprise Linux 8.6 Extended Update Support | cups-1:2.2.6-45.el8_6.4 | RHSA-2024:1101 | 2024-03-05T00:00:00Z |
| Red Hat Enterprise Linux 8.8 Extended Update Support | cups-1:2.2.6-51.el8_8.3 | RHSA-2024:1409 | 2024-03-19T00:00:00Z |
| Red Hat Enterprise Linux 9 | cups-1:2.3.3op2-21.el9 | RHSA-2023:6596 | 2023-11-07T00:00:00Z |
Package state
| Product | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | cups | Out of support scope |
| Red Hat Enterprise Linux 7 | cups | Will not fix |
Apply commands
Apply RHSA-2023:7165 for Red Hat Enterprise Linux 8
yum update -y cups
# or:
dnf upgrade -y cups
OS impact
SUSE Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| - | Affected | - |
AlmaLinux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | cups-devel-2.3.3op2-21.el9.aarch64.rpm |
Debian Fixed 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Fixed | 2.4.2-4 |
| sid | Fixed | 2.4.2-4 |
| forky | Fixed | 2.4.2-4 |
| bullseye | Fixed | 2.3.3op2-3+deb11u3 |
| bookworm | Fixed | 2.4.2-3+deb12u1 |
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | - |
| 8 | Fixed | - |
References
- https://access.redhat.com/errata/RHSA-2023:6596
- https://security-tracker.debian.org/tracker/CVE-2023-32324
- https://www.suse.com/security/cve/CVE-2023-32324.html
- https://access.redhat.com/errata/RHSA-2023:7165
- https://bugzilla.redhat.com/2209603
- https://bugzilla.redhat.com/2214914
- https://errata.almalinux.org/8/ALSA-2023-7165.html
- https://errata.almalinux.org/9/ALSA-2023-6596.html