Fluid Attacks Database

Description

CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.)

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	cups-filters	=1.28.17-6 \|\| =1.28.17-7	-
debian 11	cups-filters	=1.28.10-1 \|\| =1.28.10-2 \|\| =1.28.11-1 \|\| =1.28.11-2 \|\| =1.28.12-1 \|\| =1.28.13-1 \|\| =1.28.14-1 \|\| =1.28.15-1 \|\| =1.28.16-1 \|\| =1.28.17-1 \|\| =1.28.17-2 \|\| =1.28.17-3 \|\| =1.28.17-3.1 \|\| =1.28.17-3.1~exp1 \|\| =1.28.17-4 \|\| =1.28.17-4.1 \|\| =1.28.17-5 \|\| =1.28.17-6 \|\| =1.28.17-7 \|\| =1.28.7-1 \|\| =1.28.7-1+deb11u1 \|\| =1.28.7-1+deb11u2 \|\| =1.28.7-1+deb11u3 \|\| =1.28.7-1+deb11u4 \|\| =1.28.8-1 \|\| =1.28.8-2 \|\| =1.28.8-3 \|\| =1.28.9-1	-
debian 12	cups-filters	=1.28.17-3 \|\| =1.28.17-3+deb12u1 \|\| =1.28.17-3+deb12u2 \|\| =1.28.17-3.1 \|\| =1.28.17-3.1~exp1 \|\| =1.28.17-4 \|\| =1.28.17-4.1 \|\| =1.28.17-5 \|\| =1.28.17-6 \|\| =1.28.17-7	-
debian 13	cups-filters	=1.28.17-6 \|\| =1.28.17-6+deb13u1 \|\| =1.28.17-7	-
rpm rhel10	cups-browsed	-	-
rpm rhel9	cups-filters	<0:1.28.7-17.el9_4	0:1.28.7-17.el9_4
rpm rhel8.8	cups-filters	<0:1.20.0-29.el8_8.3	0:1.20.0-29.el8_8.3
rpm rhel7	cups-filters	-	-
rpm rhel9.2	cups-filters	<0:1.28.7-11.el9_2.2	0:1.28.7-11.el9_2.2
rpm rhel8	cups-filters	<0:1.20.0-35.el8_10	0:1.20.0-35.el8_10

Aliases

1. CVE-2024-478502. NVD-2024-478503. OSV-DEBIAN-2024-478504. OSV-2024-478505. SECURITY-TRACKER-CVE-2024-47850

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.