High severity7.5NVD Advisory· Published Feb 16, 2018· Updated Jun 17, 2026
CVE-2017-18190
CVE-2017-18190
Description
A localhost.localdomain whitelist entry in valid_host() in scheduler/client.c in CUPS before 2.2.2 allows remote attackers to execute arbitrary IPP commands by sending POST requests to the CUPS daemon in conjunction with DNS rebinding. The localhost.localdomain name is often resolved via a DNS server (neither the OS nor the web browser is responsible for ensuring that localhost.localdomain is 127.0.0.1).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
15- Range: <2.2.2
- Range: <2.2.2
- osv-coords13 versionspkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Server%20for%20Raspberry%20Pi%2012%20SP2pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP2pkg:rpm/suse/cups&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP3pkg:rpm/suse/cups&distro=SUSE%20OpenStack%20Cloud%206
< 1.7.5-20.3.1+ 12 more
- (no CPE)range: < 1.7.5-20.3.1
- (no CPE)range: < 1.7.5-20.3.1
- (no CPE)range: < 1.7.5-20.3.1
- (no CPE)range: < 1.7.5-20.3.1
- (no CPE)range: < 1.7.5-20.3.1
- (no CPE)range: < 1.7.5-20.3.1
- (no CPE)range: < 1.7.5-20.3.1
- (no CPE)range: < 1.7.5-20.3.1
- (no CPE)range: < 1.7.5-20.3.1
- (no CPE)range: < 1.7.5-20.3.1
- (no CPE)range: < 1.7.5-20.3.1
- (no CPE)range: < 1.7.5-20.3.1
- (no CPE)range: < 1.7.5-20.3.1
Patches
Vulnerability mechanics
References
5- github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41nvdPatchThird Party Advisory
- bugs.chromium.org/p/project-zero/issues/detailnvdExploitIssue TrackingThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/02/msg00023.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/07/msg00003.htmlnvdMailing ListThird Party Advisory
- usn.ubuntu.com/3577-1/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.