CVE-2023-34241: 
NixOS vulnerability analysis and mitigation

CVE-2023-34241 affects OpenPrinting CUPS (Common Unix Printing System), a standards-based, open source printing system for Linux and other Unix-like operating systems. The vulnerability was discovered in versions 2.0.0 through 2.4.6, where CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before (GHSA Advisory).

The vulnerability is a use-after-free bug in the cupsdAcceptClient() function within scheduler/client.c. The issue occurs when the function httpClose(con->http) is called before cupsdLogClient attempts to use the freed pointer with httpGetHostname. This happens when LogLevel is set to warn or higher and either there is a double-lookup for the IP Address (HostNameLookups Double is set in cupsd.conf) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from /etc/hosts.allow and /etc/hosts.deny. The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) (NVD).

The vulnerability impacts the entire cupsd process and could allow a local unprivileged attacker to exfiltrate private keys and sensitive information from a privileged cups daemon. Additionally, it could be exploited to cause a denial-of-service condition by making the process crash (GHSA Advisory).

The vulnerability has been patched in CUPS version 2.4.6. Users are advised to upgrade to this version or apply the available security patches. The fix involves modifying the code to log data before closing the connection (CUPS Release). Multiple vendors have released updates to address this vulnerability, including Red Hat, Debian, Fedora, and Apple in their respective products (Debian Advisory, Fedora Update).