Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-12864

Опубликовано: 17 мая 2020
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.

Отчет

The vulnerable code is a part of "driver for Epson ESC/I-2 scanners" which was first introduced in sane-backends-1.0.25. (via https://gitlab.com/sane-project/backends/-/commit/d72f4663c0ad6e6f779c15c8baf5f92b675ae19a) Therefore only versions of sane-backends shipped with Red Hat Enterprise Linux 8 is affected by this flaw.

Меры по смягчению последствий

This flaw can be mitigated by limiting network scanner discovery to a trusted subnet via the "net" configuration in the "/etc/sane.d/epsonds.conf" configuration file. Also automatic network scanner discovery can be turned off by commenting out the line "net autodiscovery" in the same configuration file.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5sane-backendsNot affected
Red Hat Enterprise Linux 6sane-backendsNot affected
Red Hat Enterprise Linux 7sane-backendsNot affected
Red Hat Enterprise Linux 8sane-backendsAffected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1850564sane-backends: Reading uninitialized data in epsonds_net_read in epsonds-net.c

EPSS

Процентиль: 41%
0.00188
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-12864

CVSS3: 4.3
ubuntu
больше 5 лет назад

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.

nvd логотип

CVE-2020-12864

CVSS3: 4.3
nvd
больше 5 лет назад

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.

debian логотип

CVE-2020-12864

CVSS3: 4.3
debian
больше 5 лет назад

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...

github логотип

GHSA-43w3-fxw8-8m47

CVSS3: 4.3
github
больше 3 лет назад

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081.

fstec логотип

BDU:2021-05273

CVSS3: 4.3
fstec
почти 6 лет назад

Уязвимость функции epsonds_net_read компонента epsonds-net.c API устройства сканирования растровых изображений SANE, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 41%
0.00188
Низкий

5.3 Medium

CVSS3