ASB-A-168903843

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-168903843.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-168903843
Aliases
  • A-168903843
  • CVE-2023-40112
Published
2023-11-01T00:00:00Z
Modified
2024-08-07T19:29:27.151107Z
Summary
external/libcups - heap buffer overflow in ipp.c - ASAN READ
Details

In ippSetValueTag of ipp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure of past print jobs or other print-related information, with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/external/libcups

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-11-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "212880962577812786611223447384845183276",
                    "28856921957931201723531139662863044305",
                    "174019200493641912953846062801351655305",
                    "129263983058088753412700699505001336960"
                ]
            },
            "id": "ASB-A-168903843-4f0954cb",
            "source": "https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "scheduler/printers.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "289438216394548883769431888293979776272",
                    "309810957916046623177773561727519206897",
                    "162328195738166143545556550990671187660",
                    "185285991301393324361085810940698628030",
                    "256835891838219664650650611579869355810",
                    "178416588026499416015711056342659341225",
                    "226585750227673210747170324023124101571",
                    "211681707957472330063583410470833976709",
                    "1821810811401740206379067245313239758",
                    "142262119233670541338362375629863796115",
                    "284795482300010125694010954922654624503",
                    "52922224298618150695965942835094756149"
                ]
            },
            "id": "ASB-A-168903843-56324dfe",
            "source": "https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "ppdc/ppdc-source.cxx"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "340226112084769290609857559038050308221",
                    "164510363457194188507457219014599241610",
                    "319884012443562824073855725723278373164",
                    "316012690218399866435727670801406864314"
                ]
            },
            "id": "ASB-A-168903843-5e47b05f",
            "source": "https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cups/cups-private.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "153524584723429585073972308261048820571"
                ]
            },
            "id": "ASB-A-168903843-5e736489",
            "source": "https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cups/getifaddrs.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1883.0,
                "function_hash": "248450636535144815704141608806865063183"
            },
            "id": "ASB-A-168903843-70d1c080",
            "source": "https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "ppdc/ppdc-source.cxx",
                "function": "ppdcSource::get_resolution"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "331078716574778563796308073881548429280",
                    "75024167428607359142578985838284990514",
                    "229857158993383686233042494995488163640",
                    "278519157061902772649252033288628687388",
                    "52568802536491772877914028048765287409",
                    "109812927043473727675350539853680461773",
                    "247090710083023544742521439532381244639",
                    "104249324772050330345033926081141512606",
                    "324307402251801713402400091483748426742",
                    "69980987335137389345671975250085329932",
                    "54332841286734630537973701061486718700",
                    "260154270448791752256825467308298507094"
                ]
            },
            "id": "ASB-A-168903843-a778419c",
            "source": "https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "locale/ipp-strings.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 13349.0,
                "function_hash": "225179490076466687964734033945260745752"
            },
            "id": "ASB-A-168903843-cc483089",
            "source": "https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "scheduler/printers.c",
                "function": "cupsdCreateCommonData"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "113054326299873164591420037735852371929",
                    "213536834932752455539975659776376818423",
                    "11271020889405808157351406554369168880",
                    "43540580980778918806258032895931558075",
                    "15544529134457731936266432209371350031",
                    "209083865047495395997230559652591818280",
                    "318261485306923992446516686905302789370"
                ]
            },
            "id": "ASB-A-168903843-feb79606",
            "source": "https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cups/cups.h"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/external/libcups/+/c56dfec131379d6ad0967503a3dab26e1529d3dd",
        "https://android.googlesource.com/platform/external/libcups/+/5dc9169996bece383ff2935e338f381913dc183b"
    ],
    "spl": "2023-11-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/services/BuiltInPrintService

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-11-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1059.0,
                "function_hash": "208908541234022284624100531514337325684"
            },
            "id": "ASB-A-168903843-19554650",
            "source": "https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/78aedf410610768bdfd8f6c87a704e82a4fd1526",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "jni/ipphelper/ipphelper.c",
                "function": "ipp_cups_connect"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 607.0,
                "function_hash": "269062204594514788065696016114249760109"
            },
            "id": "ASB-A-168903843-341aa243",
            "source": "https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/78aedf410610768bdfd8f6c87a704e82a4fd1526",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "jni/ipphelper/ipphelper.c",
                "function": "ippSendRequest"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "121841922422821634891644421617462246845",
                    "174647121699483139695830162332183851336",
                    "70205060180202351475742412994001880203",
                    "80783095156085154200111509718869578118",
                    "175809230290423591156565326244498498478",
                    "101457942480887745340045271152667832669",
                    "195007001531869849702670904799535689371",
                    "109239415881854319845481272749576884712",
                    "284115725153669263417790635072285326917",
                    "8200596218202304879321704466935497331",
                    "95853812027073571831033431326958752555",
                    "220376860414487512869001128441374112906",
                    "41061620296125049090650583377552755795",
                    "6368362472393028093489014113760184968",
                    "137636727070988564348968079198029729781",
                    "33389502629777811548589297080432372657",
                    "40615064232654873124315417879282693571",
                    "185999241522490597289635439754871331684"
                ]
            },
            "id": "ASB-A-168903843-544a5b82",
            "source": "https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/78aedf410610768bdfd8f6c87a704e82a4fd1526",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "jni/ipphelper/ipphelper.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "74083178827159764424559278811865206118",
                    "268787358437157662698257242904396897076",
                    "331438520497111928643580768855050928183",
                    "322051738068498332997146734300850847828",
                    "108970055851000078248958388594845941807",
                    "20762511052862861924161941175142160409",
                    "157180606990651114987859639820191497487",
                    "151147799178686485981347637909813104844",
                    "258771543095798613788880454975820898369",
                    "197193703297881138390481729150984519131",
                    "150659595122998533088600898705829636364",
                    "256834437576828961255536536730863288693",
                    "212865919487125351899738350059275282634",
                    "159157273108908459099927568126125312010",
                    "85636628087925622162138427933931158559",
                    "42736056769197146402111345548795351391",
                    "214005797723658209665585891064354233609"
                ]
            },
            "id": "ASB-A-168903843-5a9af5a1",
            "source": "https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/78aedf410610768bdfd8f6c87a704e82a4fd1526",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "jni/ipphelper/ipp_print.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1298.0,
                "function_hash": "125688700561513453144088291867387407339"
            },
            "id": "ASB-A-168903843-7333795d",
            "source": "https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/78aedf410610768bdfd8f6c87a704e82a4fd1526",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "jni/ipphelper/ipp_print.c",
                "function": "_start_job"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1080.0,
                "function_hash": "29701596371237702473176779634240767410"
            },
            "id": "ASB-A-168903843-f01e5a3c",
            "source": "https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/78aedf410610768bdfd8f6c87a704e82a4fd1526",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "jni/ipphelper/ipp_print.c",
                "function": "_init"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/services/BuiltInPrintService/+/78aedf410610768bdfd8f6c87a704e82a4fd1526"
    ],
    "spl": "2023-11-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}