/plushcap/analysis/snyk/snyk-zero-day-rce-in-cups-vulnerability-sept-2024

Zero-day RCE vulnerability found in CUPS - Common UNIX Printing System

What's this blog post about?

On September 27, 2024, a zero-day vulnerability was discovered in the Common UNIX Printing System (CUPS), which can allow for arbitrary remote code execution (RCE). There are currently four CVEs associated with these findings, with potentially more on the way. The severity of these vulnerabilities is debated, but one has been assigned a CVSS score of 9.9. These vulnerabilities impact downstream packages cups-browsed, libcupsfilters, cups-filters, and libppd. CUPS has been part of UNIX and Linux operating systems since 1999 and is widely distributed with many UNIX and Linux distributions, Apple, Windows, and other operating systems. Snyk can detect the vulnerabilities in both Snyk Open Source and Snyk Container, providing guidance on remediation and prioritization of fixes.

Company
Snyk

Date published
Sept. 27, 2024

Author(s)
Jim Armstrong

Word count
1224

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.