CVE-2025-58436
- Source
- https://cve.org/CVERecord?id=CVE-2025-58436
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-58436.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-58436
- Aliases
-
- GHSA-8wpw-vfgm-qrrr
- Downstream
- Related
- Published
- 2025-11-29T02:15:53.252Z
- Modified
- 2026-04-24T11:58:45.125732Z
- Severity
-
- 5.1 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack
- Details
-
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue has been patched in version 2.4.15.
- Database specific
{ "cwe_ids": [ "CWE-400" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58436.json", "cna_assigner": "GitHub_M" }- References
-
- http://www.openwall.com/lists/oss-security/2025/11/27/4
- https://github.com/OpenPrinting/cups/releases/tag/v2.4.15
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/58xxx/CVE-2025-58436.json
- https://github.com/OpenPrinting/cups/security/advisories/GHSA-8wpw-vfgm-qrrr
- https://nvd.nist.gov/vuln/detail/CVE-2025-58436
- https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4
Affected packages
Git / github.com/openprinting/cups
Affected versions
v2.*
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2b1
v2.2b2
v2.2rc1
v2.3.0
v2.3.1
v2.3.3
v2.3.3op1
v2.3.3op2
v2.3b1
v2.3b2
v2.3b3
v2.3b4
v2.3b5
v2.3b6
v2.3b7
v2.3b8
v2.3rc1
v2.4.0
v2.4.1
v2.4.10
v2.4.11
v2.4.12
v2.4.13
v2.4.14
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.4b1
v2.4rc1
Database specific
vanir_signatures_modified
"2026-04-24T11:58:45Z"
vanir_signatures
[
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-00373401",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"threshold": 0.9,
"line_hashes": [
"76580982592754540176721867738932825098",
"190981950243515492771567476796405008105",
"241900447263142149710300279178902025919"
]
},
"target": {
"file": "scheduler/select.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-20fd7485",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"length": 6841.0,
"function_hash": "13964595530112761719741095840615189618"
},
"target": {
"file": "cups/tls-openssl.c",
"function": "_httpTLSStart"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-25bc207f",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"length": 4457.0,
"function_hash": "21005017830707045656850060399595820854"
},
"target": {
"file": "cups/http.c",
"function": "httpRead2"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-2c8387af",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"threshold": 0.9,
"line_hashes": [
"95200110946963419759778017192610222268",
"9662844345539735996566874530560025267",
"224406327908932319998670883747366985351",
"197905358160672202742885613990887036701"
]
},
"target": {
"file": "scheduler/client.h"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-434ad461",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"length": 5662.0,
"function_hash": "131599698190001556526141342741850960006"
},
"target": {
"file": "scheduler/client.c",
"function": "cupsdAcceptClient"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-43860eb9",
"source": "https://github.com/openprinting/cups/commit/433af45db06759081d4f3cd606e08ca634fc490a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"77478087155392166827753678322261110249",
"199629161088706978755561407205027215243",
"242761163277272059188145473982024142479",
"31183038617601839798647281261141047645",
"290956483188464259330199195401068909924",
"47716117503936234012778123479968869248",
"127641381619247502457438674603461877569"
]
},
"target": {
"file": "cups/cups.h"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-4ba12da5",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"length": 297.0,
"function_hash": "256259829874770239351392431181177356909"
},
"target": {
"file": "scheduler/client.c",
"function": "cupsd_start_tls"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-66c9abdb",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"length": 7791.0,
"function_hash": "63990270412560338136497101077274539451"
},
"target": {
"file": "cups/tls-gnutls.c",
"function": "_httpTLSStart"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-777739fc",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"length": 27166.0,
"function_hash": "110583347758116482037036578708611922814"
},
"target": {
"file": "scheduler/client.c",
"function": "cupsdReadClient"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-8d67a1fb",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"length": 241.0,
"function_hash": "63395032374237686701806846327027758490"
},
"target": {
"file": "cups/http.c",
"function": "http_set_wait"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-8fa8c320",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"length": 2855.0,
"function_hash": "96387383944112773729210900321340476074"
},
"target": {
"file": "cups/http.c",
"function": "_httpUpdate"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-94d6bf6e",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"length": 1746.0,
"function_hash": "42457734256847403102303065043103970251"
},
"target": {
"file": "cups/http.c",
"function": "http_read"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-96703422",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"threshold": 0.9,
"line_hashes": [
"50090007929121909738874384860873572028",
"108324662318643432976305785286245322975",
"117990651278070980309781706624646665884",
"97081622970465573073701815774266343837"
]
},
"target": {
"file": "cups/tls-gnutls.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-9b4c3212",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"length": 1818.0,
"function_hash": "215592277725726461147819129441770121701"
},
"target": {
"file": "scheduler/select.c",
"function": "cupsdDoSelect"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-acc37f2a",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"length": 2600.0,
"function_hash": "151343785229667440901182264245484924486"
},
"target": {
"file": "cups/http.c",
"function": "httpGets2"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-b8e7e4b5",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"length": 5129.0,
"function_hash": "25482128319209345481774140169645450638"
},
"target": {
"file": "cups/http.c",
"function": "httpPeek"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-c817132e",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"length": 718.0,
"function_hash": "222454751353243750950085968367631111141"
},
"target": {
"file": "cups/http.c",
"function": "http_read_buffered"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-d955da7e",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"threshold": 0.9,
"line_hashes": [
"220937579370994057422172740810188185869",
"202920195206624962959882956042849483352",
"37204080690075896955741574542946318464",
"38764951050736091848406992431934851592",
"115544067325554418942111553709407926368",
"292851504603595218555172153002070843903",
"254968094425386866743152415827450284500",
"317668555164455258143952952055606276414",
"95439092828441216523640652748895482817",
"57215892426559041111686129616929838393",
"251593974081863510690004547132453903260",
"84662947609845643508772012009563076528",
"207877349988144601811265079795032128720",
"49535135922147869497593584384568717169",
"230668246715740605965978617427933448258",
"331965586640396569123113931958706921803",
"215102972044362745412246145605675856279",
"151432898557419667006012766920194806937",
"81362735062366394052508654345891804117",
"247500396506078783524841209064688467842",
"68515677982774460688568189311824910870",
"294597368029328247444346317850850754976",
"222225639025378989734337404159941313448",
"174838959419054344982290213151155887600",
"259330269313256186092694477311032987333",
"268675321619712639392212482856612555305",
"237360592190234030331501611764520973764",
"49666754819857256762920258545342314214",
"31920624420474366806947265776797247942",
"261553588950147682191179747359337844378",
"203816063383653388398343670042693123868",
"175632053914215373931497602904363332301",
"22290268406244151010814350101227556080",
"130414552956693870172342815797450907540",
"287491872689107931590837065128871019136",
"127357465760662644247158062282859090002",
"175633343499789452788752202264766821168",
"137380842499935726295759783271285029189",
"161975817745790595031881254261214342246",
"196878581401953091619150697500315006190",
"144709456403896685928028262453546157093",
"42196458354052505286999026797575388525",
"8259137617139029824405288222215754507",
"301064327207613911127419859533505747255",
"314925097165751840684583528787135164182",
"185910148625618238994771920348100271990",
"316804192400732200618574420683882793756",
"275618671731457118536091705101832569051",
"265946737292763176807739994515511166290",
"180292568597617523187468525722372869003",
"171558288642004310337663103251472289725",
"207877349988144601811265079795032128720",
"49535135922147869497593584384568717169",
"334109988833839505309770478738732868023",
"45467618816276135478635627797621906673",
"220954902390370380484542096361813524312",
"71538283825906627365082181669140458710",
"308264536986278297323521979524683425592",
"245290759629488890917412799595528779778",
"11116867621387510408687364562741139934",
"219144732628616798679836479262708548717",
"190398832356637388926303932854350618083",
"134791416766577091004223389712943008180",
"10073359398168804227469408636084113051",
"140562840050888259267129168230163612012",
"37711208752528262622189853453754955301",
"223605687384502898083300432579423083587",
"17974401850654646352790152234951503995",
"212537782183287577244646788300865512812",
"53470549373654421293747858535465929779",
"51752518775046134052072657781737423920",
"3328296161053751771227517285514924218",
"94893500354933557477694464238082077296"
]
},
"target": {
"file": "cups/http.c"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-e1c26e48",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"threshold": 0.9,
"line_hashes": [
"9731753208066359264796181405004907320",
"288466649599257905828658043357139590481",
"161382070116073613191298673810503089835",
"73397454859929601636086791840664015108",
"237623941905835839842116206798900649340",
"219460211777916174872319061233752119122",
"51693750832589658951029776574171777510",
"297179566004257764159650860145186588461",
"310993804655686780298103925336876197950",
"179533042381934944409438937369102013894"
]
},
"target": {
"file": "cups/http-private.h"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-f1f00bba",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"threshold": 0.9,
"line_hashes": [
"140993919044767757133673634682162219985",
"8668393305532190339983824672999466994",
"153453576089776109429203201426467305788",
"226097930355045394714926280284618422932",
"52226336585735852957738037659911748897",
"197245255202888104771371453894979003515",
"170108506108608489251713667852307788975",
"282781239652591421734139038836460140880",
"314971034684681621628695835174142351602",
"203497607690134765193484021040752463359",
"210167775771193174403266830148611510268",
"99696380705556089464734680969963472841",
"121067994153455686785859871818095272466",
"182071474845517934643065443737550543932",
"116125465341994966545968824573224499092",
"305241460732807833951871247198419963452",
"228201166414183721878497584381661525101",
"222142236097855885259861150311468662363",
"240923197704791241410876405600745910765",
"89905294565089784232041929964965170263",
"269611898589719613315654152617303925515",
"236462248127071627713623193614047329158",
"160681588632997437340974403979177548173",
"250986970814202058859303598708904373824",
"102950214427966112349858068293852915826",
"70002934788131876423116643776645497352",
"178889892306512681990125431301402580664",
"294152177238406031956462642290878010320",
"174037044923750340395624263110641464464",
"48734733450526156845456368106486089567",
"307734517275143893656270816106752831182",
"171271217001705860614896221501718702298",
"201209774514035599311192501296302563538",
"20598658697990835514516987244552184836",
"160681588632997437340974403979177548173",
"66406238322179189753543407743343652319",
"170179840398760617102956268660000044404",
"52537449681233155051880094344462644703",
"136860193325089608314629368719641106232",
"82348012438297328919531776335580031182",
"138873283035521091374153289463000005119",
"112602551469238615829087197989811374604",
"48006112017426648830235607026543755808",
"249916090939057470086218391235473522387",
"166166642135507382002095520079376806318",
"229554581805383321333453671829465408151",
"48891181061255022393394518538356606879",
"20598658697990835514516987244552184836",
"48734733450526156845456368106486089567",
"307734517275143893656270816106752831182",
"171271217001705860614896221501718702298",
"201209774514035599311192501296302563538",
"20598658697990835514516987244552184836",
"160681588632997437340974403979177548173",
"136752580974446077371232755962497199100",
"29676334190074211084572122057646805376",
"95618840937649161024063666792994849333",
"195243365434163044653460888225594149038",
"292901862157114464939566553140296087015",
"139195202079445841923888384660081405831",
"90626181423289783586422741740696129083",
"42732810707636097049541212732454010815",
"169847540674278062666314053642314114409",
"274315313691437550663969559486274755437",
"329057310053589688498003135413171117778",
"33003683363914288635897885217787907356",
"5435974358176779537635288965947794908",
"165043446329089594852573512912994755541",
"59342611756614576852520033534967100372",
"192867116708398520305816776459719109897",
"322063092447481488269948388049388260813",
"34832312546820911948517218085229464625",
"228886538849069896797245351083395373316",
"271418234643561394165814948013092021281",
"213193280444100845808413210661629036114",
"1030367992328116785951692856432667003"
]
},
"target": {
"file": "scheduler/client.c"
}
},
{
"signature_type": "Function",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-f8ea6b94",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"length": 680.0,
"function_hash": "32779829444270059358290639062691080629"
},
"target": {
"file": "cups/tls-openssl.c",
"function": "http_bio_read"
}
},
{
"signature_type": "Line",
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2025-58436-fc930b4e",
"source": "https://github.com/openprinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4",
"digest": {
"threshold": 0.9,
"line_hashes": [
"50090007929121909738874384860873572028",
"108324662318643432976305785286245322975",
"117990651278070980309781706624646665884",
"97505251453591497408240161597851144647",
"213114181218757194516410718564036664560",
"189219283082422016270915599154781499092",
"281875931784809881766468337049394380767",
"221863027742682880293243261908480692459",
"235680793638536000896368552128062694026",
"246381262291612499553897222165419801831",
"330797298341431416811959538325823704930"
]
},
"target": {
"file": "cups/tls-openssl.c"
}
}
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-58436.json"