CVE-2023-34241: Use After Free
First published: Wed Jun 14 2023(Updated: )
Apple CUPS is vulnerable to a denial of service, caused by a use-after-free in cupsdAcceptClient(). By reading the log, a local attacker could exploit this vulnerability to exfiltrate private keys and info from a privileged cups daemon or cause the application to crash.
Credit: Sei K. Sei K. Sei K. security-advisories@github.com security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenPrinting CUPS | >=2.2.0<2.4.6 | |
| Fedoraproject Fedora | =38 | |
| ubuntu/cups | <2.2.7-1ubuntu2.10+ | 2.2.7-1ubuntu2.10+ |
| ubuntu/cups | <2.1.3-4ubuntu0.11+ | 2.1.3-4ubuntu0.11+ |
| ubuntu/cups | <2.3.1-9ubuntu1.4 | 2.3.1-9ubuntu1.4 |
| ubuntu/cups | <2.4.1 | 2.4.1 |
| ubuntu/cups | <2.4.2-1ubuntu2.2 | 2.4.2-1ubuntu2.2 |
| ubuntu/cups | <2.4.2-3ubuntu2.2 | 2.4.2-3ubuntu2.2 |
| debian/cups | <=2.2.10-6+deb10u6<=2.3.3op2-3+deb11u2 | 2.2.10-6+deb10u9 2.3.3op2-3+deb11u6 2.4.2-3+deb12u5 2.4.7-1 |
| Fedoraproject Fedora | =37 | |
| Debian Debian Linux | =10.0 | |
| Apple macOS | <11.7.9 | |
| Apple macOS | >=12.0.0<12.6.8 | |
| Apple macOS | >=13.0<13.5 | |
| Apple macOS Big Sur | <11.7.9 | 11.7.9 |
| Apple macOS Ventura | <13.5 | 13.5 |
| Apple macOS Monterey | <12.6.8 | 12.6.8 |
| IBM QRadar SIEM | <=7.5 - 7.5.0 UP8 IF01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2023/06/23/10
- http://www.openwall.com/lists/oss-security/2023/06/26/1
- https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2
- https://github.com/OpenPrinting/cups/releases/tag/v2.4.6
- https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25
- https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/
- https://support.apple.com/kb/HT213843
- https://support.apple.com/kb/HT213844
- https://support.apple.com/kb/HT213845
- https://launchpad.net/bugs/cve/CVE-2023-34241
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34241
- https://ubuntu.com/security/notices/USN-6184-1
- https://ubuntu.com/security/notices/USN-6184-2
- https://nvd.nist.gov/vuln/detail/CVE-2023-34241
- https://security-tracker.debian.org/tracker/CVE-2023-34241
- https://ubuntu.com/security/CVE-2023-34241
- https://www.openwall.com/lists/oss-security/2023/06/22/4
- https://github.com/OpenPrinting/cups/commit/996acce8760c538b9fee69c99f274ffc27744386#diff-ea18088a3c3df78fec37244a94c58754b6e5cb7fbfd7066f6124de51a73c284d
- https://support.apple.com/en-us/HT213845 (Advisory)
- https://support.apple.com/en-us/HT213843 (Advisory)
- https://support.apple.com/en-us/HT213844 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2216717
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2216718
- https://access.redhat.com/errata/RHSA-2023:6596
- https://access.redhat.com/errata/RHSA-2023:7165
- https://access.redhat.com/errata/RHSA-2024:1101
- https://access.redhat.com/errata/RHSA-2024:1409
- https://bugzilla.redhat.com/show_bug.cgi?id=2214914
- https://exchange.xforce.ibmcloud.com/vulnerabilities/258674
- https://www.ibm.com/support/pages/node/7150684 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-40442
- CVE-2023-34425
- CVE-2023-32364
- CVE-2023-35983
- CVE-2023-40392
- CVE-2023-34241
- CVE-2023-28319
- CVE-2023-28320
- CVE-2023-28321
- CVE-2023-28322
- CVE-2023-41990
- CVE-2023-36854
- CVE-2023-32418
- CVE-2023-32381
- CVE-2023-32433
- CVE-2023-35993
- CVE-2023-38603
- CVE-2023-38590
- CVE-2023-38598
- CVE-2023-37285
- CVE-2023-38604
- CVE-2023-38606
- CVE-2023-32441
- CVE-2023-38565
- CVE-2023-38593
- CVE-2023-38571
- CVE-2023-29491
- CVE-2023-38601
- CVE-2023-32444
- CVE-2023-2953
- CVE-2023-42829
- CVE-2023-38259
- CVE-2023-38602
- CVE-2023-42831
- CVE-2023-32443
- CVE-2023-42832
- CVE-2023-32422
- CVE-2023-32429
- CVE-2023-1801
- CVE-2023-2426
- CVE-2023-2609
- CVE-2023-2610
- CVE-2023-40439
- CVE-2023-38616
- CVE-2023-38580
- CVE-2023-36862
- CVE-2023-42828
- CVE-2023-32416
- CVE-2023-40437
- CVE-2022-3970
- CVE-2023-28200
- CVE-2023-36495
- CVE-2023-32734
- CVE-2023-38261
- CVE-2023-38424
- CVE-2023-38425
- CVE-2023-38410
- CVE-2023-40440
- CVE-2023-38258
- CVE-2023-38421
- CVE-2023-1916
- CVE-2023-38609
- CVE-2023-38564
- CVE-2023-32442
- CVE-2023-32654
- CVE-2023-38608
- CVE-2023-38605
- CVE-2023-40397
- CVE-2023-38572
- CVE-2023-38599
- CVE-2023-32445
- CVE-2023-38592
- CVE-2023-38594
- CVE-2023-38595
- CVE-2023-38600
- CVE-2023-38611
- CVE-2023-37450
- CVE-2023-42866
- CVE-2023-38597
- CVE-2023-38133
Frequently Asked Questions
What is CVE-2023-34241?
CVE-2023-34241 is a logic issue in OpenPrinting CUPS that has been addressed with improved state management.
What is the severity of CVE-2023-34241?
The severity of CVE-2023-34241 is high with a CVSS Score of 7.1.
How does CVE-2023-34241 affect OpenPrinting CUPS?
CVE-2023-34241 affects OpenPrinting CUPS versions earlier than 2.4.6.
How can I fix CVE-2023-34241 in OpenPrinting CUPS?
To fix CVE-2023-34241 in OpenPrinting CUPS, update to version 2.4.6 or later.
Are there any official references for CVE-2023-34241?
Yes, you can find official references for CVE-2023-34241 at the following links: - [GitHub Commit](https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2) - [GitHub Release](https://github.com/OpenPrinting/cups/releases/tag/v2.4.6) - [OpenPrinting CUPS Security Advisory](https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25)
- collector/nvd-index
- agent/type
- agent/remedy
- collector/launchpad-cve
- source/Launchpad
- agent/softwarecombine
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- collector/security-tracker-debian
- source/Debian
- collector/nvd-cve
- source/NVD
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup-request
- agent/author
- agent/severity
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-34241
- agent/last-modified-date
- agent/references
- agent/tags
- collector/nvd-api
- collector/ibm-support
- source/IBM
- vendor/openprinting
- canonical/openprinting cups
- version/openprinting cups/2.2.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/38
- package-manager/ubuntu
- package-manager/debian
- version/fedoraproject fedora/37
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/apple
- canonical/apple macos
- version/apple macos/12.0.0
- version/apple macos/13.0
- canonical/apple macos big sur
- canonical/apple macos ventura
- canonical/apple macos monterey
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5 - 7.5.0 up8 if01