CVE-2020-12866

Published: 24 June 2020

A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.

Priority

CVSS 3 base score: 5.7

Status

Package	Release	Status
sane-backends Launchpad, Ubuntu, Debian	bionic	Released (1.0.27-1~experimental3ubuntu2.3)
	eoan	Ignored (reached end-of-life)
	focal	Released (1.0.29-0ubuntu5.1)
	precise	Does not exist
	trusty	Does not exist
	upstream	Released (1.0.30)
	xenial	Not vulnerable (code not present)
	Patches: upstream: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12866
https://gitlab.com/sane-project/backends/-/releases/1.0.30
https://ubuntu.com/security/notices/USN-4470-1
NVD
Launchpad
Debian

Bugs

https://gitlab.com/sane-project/backends/-/issues/279
https://gitlab.com/sane-project/backends/-/issues/279#issue-2-ghsl-2020-079-null-pointer-dereference-in-epsonds_net_read
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961302

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›