Severity: 5.7 MEDIUM (NVD), OSV 7.5
EPSS: 0.3% (top 51.72%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 24; Latest update May 24

Description

A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.1 | Impact: 3.6

Affected Packages (3 packages)

Ubuntu: sane-backends_project/sane-backends < 1.0.25+git20150528-1ubuntu2.16.04.3 (+2)
NVD: opensuse/leap 15.1, 15.2 (+1)

Also affects: Ubuntu Linux 16.04, 18.04, 20.04

🔴 Vulnerability Details (4)

GHSA: GHSA-q62j-4q9v-xgm7: A NULL pointer dereference in SANE Backends before 1 (2022-05-24)
OSV: sane-backends vulnerabilities (2020-08-24)
OSV: CVE-2020-12866: A NULL pointer dereference in SANE Backends before 1 (2020-06-24)
CVEList: CVE-2020-12866: A NULL pointer dereference in SANE Backends before 1 (2020-06-24)

📋 Vendor Advisories (3)

Ubuntu: sane-backends vulnerabilities (2020-08-24)
Red Hat: sane-backends: null pointer dereference in epsonds_net_read in epsonds-net.c (2020-05-17)
Debian: CVE-2020-12866: sane-backends - A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious dev... (2020)

💬 Community (3)

Bugzilla: CVE-2020-12866 sane-backends: null pointer dereference in epsonds_net_read [fedora-all] (2020-06-24)
Bugzilla: CVE-2020-12866 sane-backends: null pointer dereference in epsonds_net_read in epsonds-net.c (2020-06-24)
Bugzilla: CVE-2020-12866 mingw-sane-backends: sane-backends: null pointer dereference in epsonds_net_read in epsonds-net.c [fedora-all] (2020-06-24)