CVE-2020-12862

Sažetak

An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.

Reference

https://securitylab.github.com/advisories/GHSL-2020-075-libsane
https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
https://lists.debian.org/debian-lts-announce/2020/08/msg00029.html
https://usn.ubuntu.com/4470-1/
https://lists.debian.org/debian-lts-announce/2020/10/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html

CVSS

Base:	3.3
Impact:	2.9
Exploitability:	6.5

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:A/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

08-11-2022 - 03:32

Objavljeno

24-06-2020 - 13:15