{
  "threat_severity" : "Moderate",
  "public_date" : "2025-12-01T00:00:00Z",
  "bugzilla" : {
    "description" : "cups: Slow client communication leads to a possible DoS attack",
    "id" : "2416040",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2416040"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-412",
  "details" : [ "OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue has been patched in version 2.4.15.", "A flaw was found in cups. A client that connects to cupsd but sends slow messages, e.g. only one  byte per second, delays cupsd as a whole, such that it becomes unusable \nby other clients." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-01-12T00:00:00Z",
    "advisory" : "RHSA-2026:0464",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "cups-1:2.4.10-12.el10_1.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-01-14T00:00:00Z",
    "advisory" : "RHSA-2026:0596",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "cups-1:2.2.6-66.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-01-14T00:00:00Z",
    "advisory" : "RHSA-2026:0596",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "cups-1:2.2.6-66.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-08T00:00:00Z",
    "advisory" : "RHSA-2026:0312",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "cups-1:2.3.3op2-34.el9_7.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-01-08T00:00:00Z",
    "advisory" : "RHSA-2026:0312",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "cups-1:2.3.3op2-34.el9_7.2"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "cups",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "cups",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Will not fix",
    "package_name" : "rhcos",
    "cpe" : "cpe:/a:redhat:openshift:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-58436\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-58436" ],
  "name" : "CVE-2025-58436",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}