Vulnerability Name:

CVE-2019-8842 (CCN-172905)

Assigned:2019-12-10
Published:2019-12-10
Updated:2021-03-15
Summary:A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. In certain configurations, a remote attacker may be able to submit arbitrary print jobs.
CVSS v3 Severity:3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
4.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): High
Availibility (A): None
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:C/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Complete
Availibility (A): None
Vulnerability Type:CWE-120
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2019-8842

Source: XF
Type: UNKNOWN
apple-macos-cve20198842-bo(172905)

Source: MLIST
Type: Mailing List, Tool Signature
[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar

Source: CCN
Type: Apple security document HT210788
About the security content of macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra

Source: MISC
Type: Release Notes, Vendor Advisory
https://support.apple.com/en-us/HT210788

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2019-8842

Vulnerable Configuration:Configuration 1:
  • cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version < 10.15.2)

    • Configuration CCN 1:
  • cpe:/o:apple:macos_catalina:10.15.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8002
    P
    		cups-ddk-2.2.7-150000.3.40.1 on GA media (Moderate)
    2023-06-20
    oval:org.opensuse.security:def:7926
    P
    		libcups2-32bit-2.2.7-150000.3.40.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7474
    P
    		cups-2.2.7-150000.3.40.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:95370
    P
    		Security update for apache2 (Important)
    2022-07-06
    oval:org.opensuse.security:def:3377
    P
    		sysstat-12.0.2-10.24.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:3476
    P
    		dpdk-18.11.2-1.59 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:2900
    P
    		cups-2.2.7-3.26.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94530
    P
    		cups-2.2.7-3.26.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:95007
    P
    		cups-ddk-2.2.7-3.26.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94588
    P
    		jq-1.6-3.3.1 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94913
    P
    		gvfs-1.48.1-150400.2.17 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:36
    P
    		cups-2.2.7-3.26.1 on GA media (Moderate)
    2022-06-13
    oval:org.opensuse.security:def:101626
    P
    		Security update for libxml2 (Important) (in QA)
    2022-04-29
    oval:org.opensuse.security:def:102083
    P
    		Security update for protobuf (Moderate)
    2022-03-30
    oval:org.opensuse.security:def:965
    P
    		Security update for libcaca (Important)
    2022-03-09
    oval:org.opensuse.security:def:112129
    P
    		cups-2.3.3op2-4.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:105665
    P
    		Security update for samba (Important)
    2021-11-16
    oval:org.opensuse.security:def:4504
    P
    		Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP5) (Important)
    2021-10-14
    oval:org.opensuse.security:def:1913
    P
    		cups-ddk-2.2.7-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:100812
    P
    		cups-2.2.7-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:62054
    P
    		cups-2.2.7-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:71795
    P
    		cups-2.2.7-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101260
    P
    		cups-ddk-2.2.7-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:63002
    P
    		cups-ddk-2.2.7-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:72721
    P
    		cups-ddk-2.2.7-3.26.1 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:101301
    P
    		rpm-build-4.14.1-29.46 on GA media (Moderate)
    2021-08-09
    oval:org.opensuse.security:def:5822
    P
    		Security update for mariadb (Important)
    2021-08-06
    oval:org.opensuse.security:def:111208
    P
    		Security update for cups (Moderate)
    2021-02-05
    oval:org.opensuse.security:def:60343
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:94395
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:26111
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:97169
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:65593
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:74661
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:117481
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:93758
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:107967
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:32989
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:66911
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:75979
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:117806
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:93972
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:108292
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:87453
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:34520
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:93421
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:100323
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:58812
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:94184
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:108749
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:64565
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:73687
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:5098
    P
    		Security update for cups (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:93577
    P
    		 (Moderate)
    2021-02-02
    oval:org.opensuse.security:def:100652
    P
    		 (Moderate)
    2021-02-02
    BACK
    apple mac os x *
    apple macos catalina 10.15.1