CVE-2020-12862 — Out-of-bounds Read in Sane Backends

CWE-125 — Out-of-bounds Read CWE-200 — Sensitive Information Exposure11 documents8 sources

Severity

4.3MEDIUMNVD

OSV7.5

EPSS

0.2%

top 62.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sane-project Sane Backends Sane-backends Project Sane-backends Canonical Ubuntu Linux +2 more

Timeline

PublishedJun 24

Latest updateMay 24

Description

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶NVDsane-project/sane_backends< 1.0.30

▶Ubuntusane-backends_project/sane-backends< 1.0.25+git20150528-1ubuntu2.16.04.3+2

▶NVDopensuse/leap15.1, 15.2+1

Also affects: Debian Linux 9.0, Ubuntu Linux 16.04, 18.04, 20.04

🔴Vulnerability Details

GHSA

GHSA-9cxx-xcj5-q2jx: An out-of-bounds read in SANE Backends before 1↗2022-05-24

▶

OSV

sane-backends vulnerabilities↗2020-08-24

▶

OSV

CVE-2020-12862: An out-of-bounds read in SANE Backends before 1↗2020-06-24

▶

CVEList

CVE-2020-12862: An out-of-bounds read in SANE Backends before 1↗2020-06-24

▶

📋Vendor Advisories

Ubuntu

sane-backends vulnerabilities↗2020-08-24

▶

Red Hat

sane-backends: Out-of-bounds read in decode_binary↗2020-05-17

▶

Debian

CVE-2020-12862: sane-backends - An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious devic...↗2020

▶

💬Community

Bugzilla

CVE-2020-12862 sane-backends: Out-of-bounds read in decode_binary↗2020-06-24

▶

Bugzilla

CVE-2020-12862 mingw-sane-backends: sane-backends: Out-of-bounds read in decode_binary [fedora-all]↗2020-06-24

▶

Bugzilla

CVE-2020-12862 sane-backends: Out-of-bounds read in decode_binary [fedora-all]↗2020-06-24

▶