Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-12863

Опубликовано: 17 мая 2020
Источник: redhat
CVSS3: 4.8

Описание

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.

Отчет

The vulnerable code is a part of "driver for Epson ESC/I-2 scanners" which was first introduced in sane-backends-1.0.25. (via https://gitlab.com/sane-project/backends/-/commit/d72f4663c0ad6e6f779c15c8baf5f92b675ae19a) Therefore only versions of sane-backends shipped with Red Hat Enterprise Linux 8 is affected by this flaw.

Меры по смягчению последствий

This flaw can be mitigated by limiting network scanner discovery to a trusted subnet via the "net" configuration in the "/etc/sane.d/epsonds.conf" configuration file. Also automatic network scanner discovery can be turned off by commenting out the line "net autodiscovery" in the same configuration file.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5sane-backendsNot affected
Red Hat Enterprise Linux 6sane-backendsNot affected
Red Hat Enterprise Linux 7sane-backendsNot affected
Red Hat Enterprise Linux 8sane-backendsAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1850588sane-backends: Out-of-bounds read in esci2_check_header

4.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-12863

CVSS3: 4.3
ubuntu
больше 5 лет назад

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.

nvd логотип

CVE-2020-12863

CVSS3: 4.3
nvd
больше 5 лет назад

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.

debian логотип

CVE-2020-12863

CVSS3: 4.3
debian
больше 5 лет назад

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...

github логотип

GHSA-7jm4-rcxg-c53x

CVSS3: 4.3
github
больше 3 лет назад

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083.

fstec логотип

BDU:2021-03721

CVSS3: 4.3
fstec
больше 5 лет назад

Уязвимость интерфейса, который предоставляет доступ к устройствам сканирования растровых изображений SANE, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным

4.8 Medium

CVSS3