EUVD-2024-54699

| CVE-2024-51979 HIGH
2025-06-25 [email protected]
Buffer Overflow Denial Of Service
7.2
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 15, 2026 - 23:19 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 23:19 euvd
EUVD-2024-54699
CVE Published
Jun 25, 2025 - 08:15 nvd
HIGH 7.2

DescriptionNVD

An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631). The malformed request will contain an empty Origin header value and a malformed Referer header value. The Referer header value will trigger a stack based buffer overflow when the host value in the Referer header is processed and is greater than 64 bytes in length.

AnalysisAI

CVE-2024-51979 is a stack-based buffer overflow vulnerability affecting authenticated users of printing and web services that process malformed HTTP/HTTPS requests with oversized Referer headers. An authenticated attacker with high privileges can exploit this flaw by sending a specially crafted request containing an empty Origin header and a Referer header with a host value exceeding 64 bytes, potentially achieving remote code execution or denial of service. The vulnerability affects services on TCP ports 80 (HTTP), 443 (HTTPS), and 631 (IPP/printing protocol), with a CVSS 7.2 score indicating high severity, though exploitation requires prior authentication.

Technical ContextAI

This vulnerability exists in the HTTP request parsing logic of web/printing services (likely CUPS or similar print management software based on port 631 inclusion) where the Referer header's host component undergoes insufficient bounds checking. The CWE-121 (Stack-based Buffer Overflow) classification indicates that user-supplied input from the Referer header is copied into a fixed-size stack buffer without proper length validation. When the host portion of the Referer header exceeds 64 bytes, it overflows the allocated stack buffer. The attack requires manipulation of two specific headers: an empty Origin header (which may disable certain security checks) and a malformed Referer header. The vulnerability is triggered during HTTP header parsing, a critical but often overlooked component of web service implementations, and affects both encrypted (HTTPS/TLS on port 443) and unencrypted (HTTP on port 80) traffic, plus the IPP service commonly used for network printing (port 631).

RemediationAI

Immediate remediation steps: (1) Apply security patches from the affected software vendor (CUPS or equivalent) addressing CVE-2024-51979 - check vendor security advisories for patched versions; (2) Implement network segmentation to restrict access to affected services (ports 80, 443, 631) to authorized users only, limiting the authenticated attacker pool; (3) Disable unnecessary services - if IPP printing or web interface is not required, disable port 631 (IPP) and/or web interface access; (4) Enforce strong authentication controls to prevent unauthorized account access, reducing risk of authenticated attacks; (5) Monitor for suspicious requests containing unusually long Referer headers or empty Origin headers; (6) Apply input validation at the firewall or WAF level to reject oversized HTTP headers if not otherwise mitigated. Temporary mitigations before patching: disable the affected service temporarily if operationally feasible, or restrict network access to these ports via firewall rules. Vendor patches should be applied immediately upon availability as stack-based buffer overflows have high exploitation reliability.

Share

EUVD-2024-54699 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy