CVE-2024-47850

NameCVE-2024-47850
DescriptionCUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
cups-filters (PTS)jessie, jessie (lts)1.0.61-5+deb8u5vulnerable
stretch (security)1.11.6-3+deb9u1vulnerable
stretch (lts), stretch1.11.6-3+deb9u3vulnerable
buster, buster (lts)1.21.6-5+deb10u2vulnerable
buster (security)1.21.6-5+deb10u1vulnerable
bullseye1.28.7-1+deb11u2vulnerable
bullseye (security)1.28.7-1+deb11u3vulnerable
bookworm (security), bookworm1.28.17-3+deb12u1vulnerable
sid, trixie1.28.17-5vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
cups-filterssource(unstable)(unfixed)

Notes

[bookworm] - cups-filters <ignored> (Mitigated with fixes around CVE-2024-47076, CVE-2024-47175 and CVE-2024-47176)
[bullseye] - cups-filters <ignored> (Mitigated with fixes around CVE-2024-47076, CVE-2024-47175 and CVE-2024-47176)
https://www.akamai.com/blog/security-research/october-cups-ddos-threat
https://www.openwall.com/lists/oss-security/2024/10/04/1
https://github.com/advisories/GHSA-phc2-g348-384g
[buster] - cups-filters <ignored> (Mitigated with fixes around CVE-2024-47076, CVE-2024-47175 and CVE-2024-47176)
[stretch] - cups-filters <ignored> (Mitigated with fixes around CVE-2024-47076, CVE-2024-47175 and CVE-2024-47176)
[jessie] - cups-filters <ignored> (Mitigated with fixes around CVE-2024-47076, CVE-2024-47175 and CVE-2024-47176)
Search for package or bug name: Reporting problems