What is CVE-2024-35235?

CVE-2024-35235 is a medium-severity vulnerability in Openprinting Cups, classified under Improper Link Resolution Before File Access. CVSS score: 4.4/10. Published 2024-06-11.

How severe is CVE-2024-35235?

Medium severity. CVSS v3 base score is 4.4 out of 10.

Vulnerability in Openprinting Cups

CVE-2024-35235

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.8 and earlier, when starting the cupsd server with a Listen configuration item pointing to a symbolic link, the cupsd proc…

EPSS: 0.031 (87.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.4 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N.

Affected products

Openprinting Cups — versions <= 2.4.8

Weakness classification (CWE)

CWE-59 — Improper Link Resolution Before File Access
CWE-252

References

https://github.com/OpenPrinting/cups/security/advisories/GHSA-vvwp-mv6j-hw6f (x_refsource_CONFIRM)
https://github.com/OpenPrinting/cups/commit/ff1f8a623e090dee8a8aadf12a6a4b25efac143d (x_refsource_MISC)
https://git.launchpad.net/ubuntu/+source/apparmor/tree/profiles/apparmor.d/abstractions/user-tmp#n21 (x_refsource_MISC)
https://github.com/OpenPrinting/cups/blob/aba917003c8de55e5bf85010f0ecf1f1ddd1408e/cups/http-addr.c#L229-L240 (x_refsource_MISC)
www.openwall.com/lists/oss-security/2024/06/11/1
www.openwall.com/lists/oss-security/2024/06/12/4
www.openwall.com/lists/oss-security/2024/06/12/5
lists.debian.org/debian-lts-announce/2024/06/msg00001.html

Frequently asked questions

What is CVE-2024-35235?: CVE-2024-35235 is a medium-severity vulnerability in Openprinting Cups, classified under Improper Link Resolution Before File Access. CVSS score: 4.4/10. Published 2024-06-11.
How severe is CVE-2024-35235?: Medium severity. CVSS v3 base score is 4.4 out of 10.