[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2020-12867Date: (C)2020-06-02   (M)2023-12-22


A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, aka GHSL-2020-075.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 5.5CVSS Score : 2.1
Exploit Score: 1.8Exploit Score: 3.9
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: LOCALAccess Vector: LOCAL
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: LOWAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: PARTIAL
Integrity: NONE 
Availability: HIGH 
  
Reference:
FEDORA-2020-b845771719
USN-4470-1
https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html
https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read
https://securitylab.github.com/advisories/GHSL-2020-075-libsane
openSUSE-SU-2020:1791
openSUSE-SU-2020:1798

CPE    2
cpe:/o:debian:debian_linux:9.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
CWE    1
CWE-476
OVAL    12
oval:org.secpod.oval:def:506054
oval:org.secpod.oval:def:67030
oval:org.secpod.oval:def:65301
oval:org.secpod.oval:def:67022
...

© SecPod Technologies