A vulnerability was found in CUPS. This issue occurs due to logging data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data immediately before the connection closed, resulting in a use-after-free in cupsdAcceptClient() in scheduler/client.c
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | cups | 2023-07-05 21:44 | ALAS-2023-1777 |
Amazon Linux 2 - Core | cups | 2023-07-05 22:01 | ALAS2-2023-2109 |
Amazon Linux 2023 | cups | 2023-07-05 20:13 | ALAS2023-2023-235 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
NVD | CVSSv3 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |