CVE-2010-0302

Name: CVE-2010-0302
Creator: NVD / NIST
Published: 2010-03-05T19:30:00.437+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.5/10EPSS 2.58%

Last modified Jun 16, 2026

CVE-2010-0302 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. EPSS estimates a 2.58% chance of exploitation in the next 30 days.

Description

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.

Metrics

CVSS 3.1

7.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

2.58%

83.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-416

Affected Software

Vendor	Product	Versions
Apple	Cups	< 1.4.4
Apple	Mac Os X	< 10.5.8
Apple	Mac Os X	>= 10.6.0, < 10.6.4
Apple	Mac Os X Server	< 10.5.8
Apple	Mac Os X Server	>= 10.6.0, < 10.6.4
Fedoraproject	Fedora	11
Canonical	Ubuntu Linux	6.06
Canonical	Ubuntu Linux	8.04
Canonical	Ubuntu Linux	8.10
Canonical	Ubuntu Linux	9.04
Canonical	Ubuntu Linux	9.10
Redhat	Enterprise Linux	5.0
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	5.4
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Workstation	5.0

References

http://cups.org/articles.php?L596Release Notes
http://cups.org/str.php?L3490Release Notes
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.htmlMailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.htmlMailing List
http://secunia.com/advisories/38785Broken Link
http://secunia.com/advisories/38927Broken Link
http://secunia.com/advisories/38979Broken Link
http://secunia.com/advisories/40220Broken Link
http://security.gentoo.org/glsa/glsa-201207-10.xmlThird Party Advisory
http://support.apple.com/kb/HT4188Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:073Broken Link
http://www.securityfocus.com/bid/38510Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1024124Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-906-1Third Party Advisory
http://www.vupen.com/english/advisories/2010/1481Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=557775Issue Tracking, Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11216Broken Link
https://rhn.redhat.com/errata/RHSA-2010-0129.htmlThird Party Advisory
http://cups.org/articles.php?L596Release Notes
http://cups.org/str.php?L3490Release Notes
http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.htmlMailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037174.htmlMailing List
http://secunia.com/advisories/38785Broken Link
http://secunia.com/advisories/38927Broken Link
http://secunia.com/advisories/38979Broken Link
http://secunia.com/advisories/40220Broken Link
http://security.gentoo.org/glsa/glsa-201207-10.xmlThird Party Advisory
http://support.apple.com/kb/HT4188Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:073Broken Link
http://www.securityfocus.com/bid/38510Broken Link, Third Party Advisory, VDB Entry
http://www.securitytracker.com/id?1024124Broken Link, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/USN-906-1Third Party Advisory
http://www.vupen.com/english/advisories/2010/1481Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=557775Issue Tracking, Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11216Broken Link
https://rhn.redhat.com/errata/RHSA-2010-0129.htmlThird Party Advisory

Timeline

Published: Mar 5, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2010-0302?

How severe is CVE-2010-0302?

CVE-2010-0302 has a CVSS score of 7.5/10 (HIGH severity). The EPSS model estimates a 2.58% probability of exploitation in the next 30 days.

How do I fix CVE-2010-0302?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2010-0302?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST