CVE-2024-47176 – cups-browsed binds to `INADDR_ANY:631`, trusting any packet from any source

https://notcve.org/view.php?id=CVE-2024-47176

26 Sep 2024 — CUPS is a standards-based, open-source printing system, and `cups-browsed` contains network printing functionality including, but not limited to, auto-discovering print services and shared printers. `cups-browsed` binds to `INADDR_ANY:631`, causing it to trust any packet from any source, and can cause the `Get-Printer-Attributes` IPP request to an attacker controlled URL. Due to the service binding to `*:631 ( INADDR_ANY )`, multiple bugs in `cups-browsed` can be exploited in sequence to introduce a malicio... • https://packetstorm.news/files/id/181978 • CWE-20: Improper Input Validation CWE-749: Exposed Dangerous Method or Function CWE-940: Improper Verification of Source of a Communication Channel CWE-1327: Binding to an Unrestricted IP Address •