CVE-2017-6318 — Sensitive Information Exposure in Project Sane-backends

CWE-200 — Sensitive Information Exposure CWE-20 — Improper Input Validation11 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 27.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sane-backends Project Sane-backends Opensuse Leap

Timeline

PublishedMar 20

Latest updateMay 13

Description

saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Debiansane-backends_project/sane-backends< 1.0.25-4+3

▶Ubuntusane-backends_project/sane-backends< 1.0.25+git20150528-1ubuntu2.16.04.3+2

▶NVDsane-backends_project/sane-backends1.0.25

▶NVDopensuse/leap42.1

🔴Vulnerability Details

GHSA

GHSA-r29j-hp6g-537x: saned in sane-backends 1↗2022-05-13

▶

OSV

sane-backends vulnerabilities↗2020-08-24

▶

CVEList

CVE-2017-6318: saned in sane-backends 1↗2017-03-20

▶

OSV

CVE-2017-6318: saned in sane-backends 1↗2017-03-20

▶

📋Vendor Advisories

Ubuntu

sane-backends vulnerabilities↗2020-08-24

▶

Debian

CVE-2017-6318: sane-backends - saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory...↗2017

▶

Red Hat

sane-backends: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server↗2016-12-16

▶

💬Community

Bugzilla

CVE-2017-6318 mingw-sane-backends: sane-backends: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server [fedora-all]↗2017-03-03

▶

Bugzilla

CVE-2017-6318 sane-backends: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server↗2017-03-03

▶

Bugzilla

CVE-2017-6318 sane-backends: SANE_NET_CONTROL_OPTION response packet may contain memory contents of the server [fedora-all]↗2017-03-03

▶