CVE-2025-58364 (CNNVD-202509-1589)

MEDIUM
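Chinese title:
OpenPrinting CUPS code issue vulnerability
English title:
cups: Remote DoS via null dereference
CVSS score: 6.5
Published: 2025-09-11 17:26:25
Vulnerability type: Code issue
Status: PUBLISHED
Data quality score: 0.40
Data version: v3
Vulnerability description
Chinese description: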

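OpenPrinting CUPS is a standards-based open source printing system from OpenPrinting for Linux® and other Unix®-like operating systems. OpenPrinting CUPS 2.4.12 and earlier versions contain a code issue vulnerability, which stems from improper deserialization and validation of printer attributes and may lead to a null pointer dereference and denial-of-service attacks.

English description: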

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, unsafe deserialization and validation of printer attributes causes a null dereference in the libcups library. This is a remote DoS vulnerability available on the local subnet in default configurations. It can cause cups and cups-browsed to crash on all machines in the local network that are listening for printers (so, by default, on all regular Linux machines). On systems where CVE-2024-47176 (a cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, the firewall on the machine does not reject incoming communication to the IPP port, and the machine is set to be available to the public internet, the attack vector "Network" is possible. The current versions of the CUPS and cups-browsed projects have the attack vector "Adjacent" in their default configurations. Version 2.4.13 contains a patch for CVE-2025-58364.

CWE type:
CWE-20 CWE-476
Tags:
(no data)
Affected products
Vendor Product Version Version range Platform CPE
OpenPrinting cups < 2.4.13 - - cpe:2.3:a:openprinting:cups:<_2.4.13:*:*:*:*:*:*:*
openprinting cups * - - cpe:2.3:a:openprinting:cups:*:*:*:*:*:*:*:*
Solution
Chinese solution:
(no data)
English solution:
(no data)
Temporary workaround:
(no data)
References
https://github.com/OpenPrinting/cups/security/advisories/GHSA-7qx3-r744-6qv4 x_refsource_CONFIRM
cve.org
https://github.com/OpenPrinting/cups/commit/e58cba9d6fceed4242980e51dbd1302cf638ab1d x_refsource_MISC
cve.org
af854a3a-2127-422b-91ae-364da2661108 OTHER
nvd.nist.gov
CVSS score details
3.1 (cna)
MEDIUM
6.5
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Confidentiality: NONE
Integrity: NONE
Availability: HIGH
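Time information
Published: 2025-09-11 17:26:25
Modified: 2025-11-04 21:13:40
Created: 2025-11-11 15:40:45
Updated: 2026-01-12 02:12:06
Exploit information
No exploit code information available
Data source details
Data source Record ID Version Extracted at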
CVE cve_CVE-2025-58364 2025-11-11 15:23:30 2025-11-11 07:40:45
NVD nvd_CVE-2025-58364 2025-11-11 15:01:02 2025-11-11 07:48:32
CNNVD cnnvd_CNNVD-202509-1589 2025-11-11 15:12:57 2025-11-11 08:00:10
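Version and language
Current version: v3
Primary language: EN
Supported languages: EN ZH
Security advisories
No security advisory information available
Change history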
v3 CNNVD
2025-11-11 16:00:10
vulnerability_type: not extracted → Code issue; cnnvd_id: not extracted → CNNVD-202509-1589; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:48:32
affected_products_count: 1 → 2; references_count: 2 → 4; data_sources: ['cve'] → ['cve', 'nvd']