CVE-2020-12867

Опубликовано: 01 июн. 2020

Источник: nvd

CVSS3: 5.5

CVSS2: 2.1

EPSS Низкий

Описание

A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html
Broken Link
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html
Broken Link
Mailing List
Third Party Advisory
https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
Mailing List
Third Party Advisory
https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWUVCHURVGGYBEUOBA4PLSNXJVBKHJYJ/
https://securitylab.github.com/advisories/GHSL-2020-075-libsane
Exploit
Third Party Advisory
https://usn.ubuntu.com/4470-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html
Broken Link
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html
Broken Link
Mailing List
Third Party Advisory
https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
Mailing List
Third Party Advisory
https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html
Mailing List
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWUVCHURVGGYBEUOBA4PLSNXJVBKHJYJ/
https://securitylab.github.com/advisories/GHSL-2020-075-libsane
Exploit
Third Party Advisory
https://usn.ubuntu.com/4470-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:sane-project:sane_backends:*:*:*:*:*:*:*:*

Версия до 1.0.30 (исключая)

cpe:2.3:h:sane-project:sane_backends:-:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

EPSS

Процентиль: 31%

0.00113

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-476

Связанные уязвимости

CVE-2020-12867

CVSS3: 5.5

ubuntu

около 5 лет назад

CVE-2020-12867

CVSS3: 5.7

redhat

около 5 лет назад

CVE-2020-12867

CVSS3: 5.5

debian

около 5 лет назад

A NULL pointer dereference in sanei_epson_net_read in SANE Backends be ...

RLSA-2021:1744

rocky

около 4 лет назад

Moderate: sane-backends security update

GHSA-8h2v-25vm-v6j2

CVSS3: 5.5

github

около 3 лет назад

A NULL pointer dereference in sanei_epson_net_read in SANE Backends through 1.0.29 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.

EPSS

Процентиль: 31%

0.00113

Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-476