VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-mcku-bbta-aaam

Essentials
Severities (93)
References (17)
Severity details (8)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-mcku-bbta-aaam
Aliases	CVE-2023-32324
Summary	OpenPrinting CUPS is an open source printing system. In versions 2.4.2 and prior, a heap buffer overflow vulnerability would allow a remote attacker to launch a denial of service (DoS) attack. A buffer overflow vulnerability in the function `format_log_line` could allow remote attackers to cause a DoS on the affected system. Exploitation of the vulnerability can be triggered when the configuration file `cupsd.conf` sets the value of `loglevel `to `DEBUG`. No known patches or workarounds exist at time of publication.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-787	Out-of-bounds Write
CWE-119	Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122	Heap-based Buffer Overflow

System	Score	Found at
cvssv3	5.9	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32324.json
epss	0.00076	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00079	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00079	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00084	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00112	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00282	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.0029	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.00364	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
epss	0.01084	https://api.first.org/data/v1/epss?cve=CVE-2023-32324
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.5	https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
ssvc	Track	https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
cvssv3.1	7.5	https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html
ssvc	Track	https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html
cvssv3	5.5	https://nvd.nist.gov/vuln/detail/CVE-2023-32324
cvssv3.1	5.5	https://nvd.nist.gov/vuln/detail/CVE-2023-32324

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32324.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-32324
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32324
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
		https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html
2209603		https://bugzilla.redhat.com/show_bug.cgi?id=2209603
cpe:2.3:a:openprinting:cups::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openprinting:cups::::::::
cpe:2.3:o:debian:debian_linux:10.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:::::::*
CVE-2023-32324		https://nvd.nist.gov/vuln/detail/CVE-2023-32324
GLSA-202402-17		https://security.gentoo.org/glsa/202402-17
RHSA-2023:6596		https://access.redhat.com/errata/RHSA-2023:6596
RHSA-2023:7165		https://access.redhat.com/errata/RHSA-2023:7165
RHSA-2024:1101		https://access.redhat.com/errata/RHSA-2024:1101
RHSA-2024:1409		https://access.redhat.com/errata/RHSA-2024:1409
USN-6128-1		https://usn.ubuntu.com/6128-1/
USN-6128-2		https://usn.ubuntu.com/6128-2/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-32324.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-08T21:43:15Z/ Found at https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-08T21:43:15Z/ Found at https://lists.debian.org/debian-lts-announce/2023/06/msg00001.html

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-32324

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-32324

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.33856
EPSS Score	0.00076
Published At	Nov. 1, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.