Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System
On September 27, 2024, a zero-day vulnerability was discovered in the Common UNIX Printing System (CUPS), which can allow for arbitrary remote code execution (RCE). There are currently four CVEs associated with these findings, with potentially more on the way. The severity of these vulnerabilities is debated, but one has been assigned a CVSS score of 9.9. These vulnerabilities impact downstream packages cups-browsed, libcupsfilters, cups-filters, and libppd. CUPS has been part of UNIX and Linux operating systems since 1999 and is widely distributed with many UNIX and Linux distributions, Apple, Windows, and other operating systems. Snyk can detect the vulnerabilities in both Snyk Open Source and Snyk Container, providing guidance on remediation and prioritization of fixes.
Company
Snyk
Date published
Sept. 27, 2024
Author(s)
Jim Armstrong
Word count
1224
Language
English
Hacker News points
None found.