CVE-2024-47850

NameCVE-2024-47850
DescriptionCUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cups-filters (PTS)bullseye1.28.7-1+deb11u2vulnerable
bullseye (security)1.28.7-1+deb11u3vulnerable
bookworm1.28.17-3vulnerable
bookworm (security)1.28.17-3+deb12u1vulnerable
sid, trixie1.28.17-5vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cups-filterssource(unstable)(unfixed)

Notes

[bookworm] - cups-filters <ignored> (Mitigated with fixes around CVE-2024-47076, CVE-2024-47175 and CVE-2024-47176)
[bullseye] - cups-filters <ignored> (Mitigated with fixes around CVE-2024-47076, CVE-2024-47175 and CVE-2024-47176)
https://www.akamai.com/blog/security-research/october-cups-ddos-threat
https://www.openwall.com/lists/oss-security/2024/10/04/1
https://github.com/advisories/GHSA-phc2-g348-384g

Search for package or bug name: Reporting problems