CVE-2002-1368

EXPLOITED

CUPS 1.1.14-1.1.17 - DoS and RCE via Negative Content-Length or Chunked Encoding

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2002-1368 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including iDefense.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) vulnerability in CUPS by sending malformed HTTP headers with negative Content-Length or chunked Transfer-Encoding values, causing the cupsd service to crash. It may also allow remote code execution on certain platforms.

Description

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.

Exploits (1)

exploitdb WORKING POC VERIFIED
by iDefense · textremotelinux
https://www.exploit-db.com/exploits/22106

This exploit demonstrates a denial-of-service (DoS) vulnerability in CUPS by sending malformed HTTP headers with negative Content-Length or chunked Transfer-Encoding values, causing the cupsd service to crash. It may also allow remote code execution on certain platforms.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: CUPS (Common UNIX Printing System)
No auth needed
Prerequisites: Network access to the CUPS service (port 631)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (20)

Core 20
Core References
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2003:001
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/10909
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/7858
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/7843
Third Party Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/9325/
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Various Sources vendor-advisory x_refsource_caldera
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-004.0.txt
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/7756/
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/7907
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/7913/
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/7794
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2003/dsa-232
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2003_002_cups.html
Exploit, Vendor Advisory x_refsource_misc
http://www.idefense.com/advisory/12.19.02.txt
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-295.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6437
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/7803
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/8080/
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104032149026670&w=2

Scores

EPSS 0.1547
EPSS Percentile 96.4%

Details

VulnCheck KEV 2002-12-19
Status published
Products (15)
apple/mac_os_x 10.2
apple/mac_os_x 10.2.2
easy_software_products/cups 1.0.4
easy_software_products/cups 1.0.4_8
easy_software_products/cups 1.1.1
easy_software_products/cups 1.1.4
easy_software_products/cups 1.1.4_2
easy_software_products/cups 1.1.4_3
easy_software_products/cups 1.1.4_5
easy_software_products/cups 1.1.6
... and 5 more
Published Dec 26, 2002
Tracked Since Feb 18, 2026