Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Memory disclosure in CUPS with admin URLs #3577
See attached PDF, but in short, a URL like
will produce an error response that discloses a some uninitialised memory. This could be used to bypass ASLR, for example. The problem is in cgi-bin/var.c in cgi_initialize_string().
--- cgi-bin/var.c (revision 2161)