{"api_version":"1","generated_at":"2026-04-22T23:53:44+00:00","cve":"CVE-2023-34241","urls":{"html":"https://cve.report/CVE-2023-34241","api":"https://cve.report/api/cve/CVE-2023-34241.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-34241","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-34241"},"summary":{"title":"CVE-2023-34241","description":"OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.\n\nThe exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.\n\nVersion 2.4.6 has a patch for this issue.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2023-06-22 23:15:00","updated_at":"2023-11-17 19:33:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 38 Update: cups-2.4.6-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2","name":"https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2","refsource":"MISC","tags":[],"title":"Merge pull request from GHSA-qjgh-5hcq-5f25 · OpenPrinting/cups@9809947 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT213845","name":"https://support.apple.com/kb/HT213845","refsource":"MISC","tags":[],"title":"About the security content of macOS Big Sur 11.7.9 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/kb/HT213844","name":"https://support.apple.com/kb/HT213844","refsource":"MISC","tags":[],"title":"About the security content of macOS Monterey 12.6.8 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/","refsource":"MISC","tags":[],"title":"[SECURITY] Fedora 37 Update: cups-2.4.6-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25","name":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25","refsource":"MISC","tags":[],"title":"use-after-free in cupsdAcceptClient() · Advisory · OpenPrinting/cups · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/OpenPrinting/cups/releases/tag/v2.4.6","name":"https://github.com/OpenPrinting/cups/releases/tag/v2.4.6","refsource":"MISC","tags":[],"title":"Release v2.4.6 · OpenPrinting/cups · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.openwall.com/lists/oss-security/2023/06/23/10","name":"http://www.openwall.com/lists/oss-security/2023/06/23/10","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-34241: CUPS: use-after-free in cupsdAcceptClient()","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT213843","name":"https://support.apple.com/kb/HT213843","refsource":"MISC","tags":[],"title":"About the security content of macOS Ventura 13.5 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2023/06/26/1","name":"http://www.openwall.com/lists/oss-security/2023/06/26/1","refsource":"MISC","tags":[],"title":"oss-security - Re: CVE-2023-34241: CUPS: use-after-free in\n cupsdAcceptClient()","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html","name":"https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html","refsource":"MISC","tags":[],"title":"[SECURITY] [DLA 3476-1] cups security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-34241","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-34241","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"34241","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"34241","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"34241","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"34241","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"38","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"34241","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"openprinting","cpe5":"cups","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-34241","qid":"161125","title":"Oracle Enterprise Linux Security Update for cups (ELSA-2023-6596)"},{"cve":"CVE-2023-34241","qid":"161184","title":"Oracle Enterprise Linux Security Update for cups (ELSA-2023-7165)"},{"cve":"CVE-2023-34241","qid":"199436","title":"Ubuntu Security Notification for CUPS Vulnerability (USN-6184-1)"},{"cve":"CVE-2023-34241","qid":"199585","title":"Ubuntu Security Notification for CUPS Vulnerability (USN-6184-2)"},{"cve":"CVE-2023-34241","qid":"242320","title":"Red Hat Update for cups (RHSA-2023:6596)"},{"cve":"CVE-2023-34241","qid":"242442","title":"Red Hat Update for cups (RHSA-2023:7165)"},{"cve":"CVE-2023-34241","qid":"243034","title":"Red Hat Update for cups (RHSA-2024:1101)"},{"cve":"CVE-2023-34241","qid":"243084","title":"Red Hat Update for cups (RHSA-2024:1409)"},{"cve":"CVE-2023-34241","qid":"284111","title":"Fedora Security Update for cups (FEDORA-2023-fac5968b55)"},{"cve":"CVE-2023-34241","qid":"284316","title":"Fedora Security Update for cups (FEDORA-2023-9dbd5b28d4)"},{"cve":"CVE-2023-34241","qid":"355570","title":"Amazon Linux Security Advisory for cups : ALAS-2023-1777"},{"cve":"CVE-2023-34241","qid":"355587","title":"Amazon Linux Security Advisory for cups : ALAS2-2023-2109"},{"cve":"CVE-2023-34241","qid":"355619","title":"Amazon Linux Security Advisory for cups : ALAS2023-2023-235"},{"cve":"CVE-2023-34241","qid":"378687","title":"Apple macOS Ventura 13.5 Not Installed (HT213843)"},{"cve":"CVE-2023-34241","qid":"378688","title":"Apple macOS Monterey 12.6.8 Not Installed (HT213844)"},{"cve":"CVE-2023-34241","qid":"378689","title":"Apple macOS Big Sur 11.7.9 Not Installed (HT213845)"},{"cve":"CVE-2023-34241","qid":"379618","title":"Alibaba Cloud Linux Security Update for cups (ALINUX3-SA-2024:0049)"},{"cve":"CVE-2023-34241","qid":"503035","title":"Alpine Linux Security Update for cups"},{"cve":"CVE-2023-34241","qid":"503036","title":"Alpine Linux Security Update for cups"},{"cve":"CVE-2023-34241","qid":"503037","title":"Alpine Linux Security Update for cups"},{"cve":"CVE-2023-34241","qid":"6000127","title":"Debian Security Update for cups (DLA 3476-1)"},{"cve":"CVE-2023-34241","qid":"673262","title":"EulerOS Security Update for cups (EulerOS-SA-2023-2577)"},{"cve":"CVE-2023-34241","qid":"673291","title":"EulerOS Security Update for cups (EulerOS-SA-2023-2607)"},{"cve":"CVE-2023-34241","qid":"673362","title":"EulerOS Security Update for cups (EulerOS-SA-2023-2806)"},{"cve":"CVE-2023-34241","qid":"673384","title":"EulerOS Security Update for cups (EulerOS-SA-2023-2856)"},{"cve":"CVE-2023-34241","qid":"673444","title":"EulerOS Security Update for cups (EulerOS-SA-2023-2839)"},{"cve":"CVE-2023-34241","qid":"673660","title":"EulerOS Security Update for cups (EulerOS-SA-2023-2782)"},{"cve":"CVE-2023-34241","qid":"673700","title":"EulerOS Security Update for cups (EulerOS-SA-2023-3119)"},{"cve":"CVE-2023-34241","qid":"710864","title":"Gentoo Linux CUPS Multiple Vulnerabilities (GLSA 202402-17)"},{"cve":"CVE-2023-34241","qid":"754125","title":"SUSE Enterprise Linux Security Update for cups (SUSE-SU-2023:2616-1)"},{"cve":"CVE-2023-34241","qid":"754892","title":"SUSE Enterprise Linux Security Update for cups (SUSE-SU-2023:3706-1)"},{"cve":"CVE-2023-34241","qid":"941358","title":"AlmaLinux Security Update for cups (ALSA-2023:6596)"},{"cve":"CVE-2023-34241","qid":"941447","title":"AlmaLinux Security Update for cups (ALSA-2023:7165)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-34241","ASSIGNER":"security-advisories@github.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.\n\nThe exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.\n\nVersion 2.4.6 has a patch for this issue."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-416: Use After Free","cweId":"CWE-416"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"OpenPrinting","product":{"product_data":[{"product_name":"cups","version":{"version_data":[{"version_affected":"=","version_value":">= 2.0.0, < 2.4.6"}]}}]}}]}},"references":{"reference_data":[{"url":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25","refsource":"MISC","name":"https://github.com/OpenPrinting/cups/security/advisories/GHSA-qjgh-5hcq-5f25"},{"url":"https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2","refsource":"MISC","name":"https://github.com/OpenPrinting/cups/commit/9809947a959e18409dcf562a3466ef246cb90cb2"},{"url":"https://github.com/OpenPrinting/cups/releases/tag/v2.4.6","refsource":"MISC","name":"https://github.com/OpenPrinting/cups/releases/tag/v2.4.6"},{"url":"http://www.openwall.com/lists/oss-security/2023/06/23/10","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/06/23/10"},{"url":"http://www.openwall.com/lists/oss-security/2023/06/26/1","refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2023/06/26/1"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TBIYKDS3UG3W4Z7YOHTR2AWFNBRYPNYY/"},{"url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html","refsource":"MISC","name":"https://lists.debian.org/debian-lts-announce/2023/06/msg00038.html"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/","refsource":"MISC","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7I7DWGYGEMBNLZF5UQBMF3SONR37YUBN/"},{"url":"https://support.apple.com/kb/HT213843","refsource":"MISC","name":"https://support.apple.com/kb/HT213843"},{"url":"https://support.apple.com/kb/HT213844","refsource":"MISC","name":"https://support.apple.com/kb/HT213844"},{"url":"https://support.apple.com/kb/HT213845","refsource":"MISC","name":"https://support.apple.com/kb/HT213845"}]},"source":{"advisory":"GHSA-qjgh-5hcq-5f25","discovery":"UNKNOWN"},"impact":{"cvss":[{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"}]}},"nvd":{"publishedDate":"2023-06-22 23:15:00","lastModifiedDate":"2023-11-17 19:33:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.1,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*","versionStartIncluding":"2.2.0","versionEndExcluding":"2.4.6","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"13.0","versionEndExcluding":"13.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionEndExcluding":"11.7.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*","versionStartIncluding":"12.0.0","versionEndExcluding":"12.6.8","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}