Vulnerability Description
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.
CVSS Score
8.8
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cups | Cups | < 1.6 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/03/24/15Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2015/03/24/2Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/73300Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1084577Issue TrackingPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2015/03/24/15Mailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2015/03/24/2Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/73300Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1084577Issue TrackingPatchThird Party Advisory
FAQ
What is CVE-2014-8166?
CVE-2014-8166 is a vulnerability with a CVSS score of 8.8 (HIGH). The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.
How severe is CVE-2014-8166?
CVE-2014-8166 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8166?
Check the references section above for vendor advisories and patch information. Affected products include: Cups Cups.