Sane Backends
CVE-2020-12866
MEDIUM
Severity by source
AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.
AnalysisAI
A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079. Affected products include: Sane-Project Sane Backends, Canonical Ubuntu Linux, Opensuse Leap. Version information: before 1.0.30.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
More in Sane Backends
View allA heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as t
A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network a
A NULL pointer dereference in sanei_epson_net_read in SANE Backends before 1.0.30 allows a malicious device connected to
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as
An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONT
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today