CVE-2020-12864Out-of-bounds Read in Sane Backends

CWE-125Out-of-bounds ReadCWE-200Sensitive Information ExposureCWE-908Use of Uninitialized Resource11 documents8 sources
Severity
4.3MEDIUMNVD
OSV7.5
EPSS
0.2%
top 52.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Sane-project Sane BackendsSane-backends Project Sane-backendsCanonical Ubuntu Linux+1 more
Timeline
PublishedJun 24
Latest updateMay 24

Description

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

Ubuntusane-backends_project/sane-backends< 1.0.25+git20150528-1ubuntu2.16.04.3+2
NVDopensuse/leap15.1, 15.2+1

Also affects: Ubuntu Linux 16.04, 18.04, 20.04

🔴Vulnerability Details

4
GHSA
GHSA-43w3-fxw8-8m47: An out-of-bounds read in SANE Backends before 12022-05-24
OSV
sane-backends vulnerabilities2020-08-24
CVEList
CVE-2020-12864: An out-of-bounds read in SANE Backends before 12020-06-24
OSV
CVE-2020-12864: An out-of-bounds read in SANE Backends before 12020-06-24

📋Vendor Advisories

3
Ubuntu
sane-backends vulnerabilities2020-08-24
Red Hat
sane-backends: Reading uninitialized data in epsonds_net_read in epsonds-net.c2020-05-17
Debian
CVE-2020-12864: sane-backends - An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious devic...2020

💬Community

3
Bugzilla
CVE-2020-12864 mingw-sane-backends: sane-backends: Reading uninitialized data in epsonds_net_read in epsonds-net.c [fedora-all]2020-06-24
Bugzilla
CVE-2020-12864 sane-backends: Reading uninitialized data in epsonds_net_read in epsonds-net.c2020-06-24
Bugzilla
CVE-2020-12864 sane-backends: Reading uninitialized data in epsonds_net_read in epsonds-net.c [fedora-all]2020-06-24
CVE-2020-12864 — Out-of-bounds Read in Sane Backends | cvebase