CVE-2020-12867: NULL Pointer Dereference in Sane Backends

Severity: 5.5 MEDIUM (NVD); OSV: 7.5
EPSS: 0.1% (top 68.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 1; Latest update May 24

Description

A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

Ubuntu: sane-backends_project/sane-backends < 1.0.25+git20150528-1ubuntu2.16.04.3 +2
NVD: opensuse/leap 15.1, 15.2 +1

Also affects: Debian Linux 9.0, Fedora 32, Ubuntu Linux 16.04, 18.04, 20.04

Vulnerability Details (4)

GHSA: GHSA-8h2v-25vm-v6j2: A NULL pointer dereference in sanei_epson_net_read in SANE Backends through 1 (2022-05-24)
OSV: sane-backends vulnerabilities (2020-08-24)
OSV: CVE-2020-12867: A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1 (2020-06-01)
CVEList: CVE-2020-12867: A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1 (2020-06-01)

Vendor Advisories (3)

Ubuntu: sane-backends vulnerabilities (2020-08-24)
Red Hat: sane-backends: NULL pointer dereference in sanei_epson_net_read function (2020-06-01)
Debian: CVE-2020-12867: sane-backends - A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.3... (2020)

Community (3)

Bugzilla: CVE-2020-12867 sane-backends: NULL pointer dereference in sanei_epson_net_read function (2020-06-17)
Bugzilla: CVE-2020-12867 sane-backends: NULL pointer dereference in sanei_epson_net_read function [fedora-all] (2020-06-17)
Bugzilla: CVE-2020-12867 mingw-sane-backends: sane-backends: NULL pointer dereference in sanei_epson_net_read function [fedora-all] (2020-06-17)
CVE-2020-12867 — NULL Pointer Dereference | cvebase