{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2023-34095", "ASSIGNER": "security-advisories@github.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. In versions 1.0 through 2.0b4, cpdb-libs is vulnerable to buffer overflows via improper use of `scanf(3)`. cpdb-libs uses the `fscanf()` and `scanf()` functions to parse command lines and configuration files, dropping the read string components into fixed-length buffers, but does not limit the length of the strings to be read by `fscanf()` and `scanf()`, causing buffer overflows when a string is longer than 1023 characters. A patch for this issue is available at commit f181bd1f14757c2ae0f17cc76dc20421a40f30b7. As all buffers have a length of 1024 characters, the patch limits the maximum string length to be read to 1023 (leaving one byte for the terminating NUL) by replacing all occurrences of `%s` with `%1023s` in all calls of the `fscanf()` and `scanf()` functions.\n" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-121: Stack-based Buffer Overflow", "cweId": "CWE-121" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "OpenPrinting", "product": { "product_data": [ { "product_name": "cpdb-libs", "version": { "version_data": [ { "version_affected": "=", "version_value": ">= 1.0, <= 2.0b4" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x", "refsource": "MISC", "name": "https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x" }, { "url": "https://github.com/OpenPrinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7", "refsource": "MISC", "name": "https://github.com/OpenPrinting/cpdb-libs/commit/f181bd1f14757c2ae0f17cc76dc20421a40f30b7" }, { "url":
"https://github.com/OpenPrinting/cpdb-libs/blob/85555fba64d34f53a2fce099b0488904cc48ed35/cpdb/cpdb-frontend.c#L372", "refsource": "MISC", "name": "https://github.com/OpenPrinting/cpdb-libs/blob/85555fba64d34f53a2fce099b0488904cc48ed35/cpdb/cpdb-frontend.c#L372" }, { "url": "https://github.com/OpenPrinting/cpdb-libs/blob/85555fba64d34f53a2fce099b0488904cc48ed35/tools/cpdb-text-frontend.c#L362", "refsource": "MISC", "name": "https://github.com/OpenPrinting/cpdb-libs/blob/85555fba64d34f53a2fce099b0488904cc48ed35/tools/cpdb-text-frontend.c#L362" }, { "url": "https://github.com/OpenPrinting/cpdb-libs/blob/85555fba64d34f53a2fce099b0488904cc48ed35/tools/cpdb-text-frontend.c#L453", "refsource": "MISC", "name": "https://github.com/OpenPrinting/cpdb-libs/blob/85555fba64d34f53a2fce099b0488904cc48ed35/tools/cpdb-text-frontend.c#L453" }, { "url": "http://www.openwall.com/lists/oss-security/2023/06/14/7", "refsource": "MISC", "name": "http://www.openwall.com/lists/oss-security/2023/06/14/7" } ] }, "source": { "advisory": "GHSA-25j7-9gfc-f46x", "discovery": "UNKNOWN" }, "impact": { "cvss": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ] } }