An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082.
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 18.04 | |
ubuntu_linux | eq | 20.04 | |
ubuntu_linux | eq | 16.04 | |
debian_linux | eq | 9.0 | |
leap | eq | 15.1 | |
leap | eq | 15.2 | |
sane_backends | lt | 1.0.30 |
lists.opensuse.org/opensuse-security-announce/2020-10/msg00079.html
lists.opensuse.org/opensuse-security-announce/2020-11/msg00003.html
alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
lists.debian.org/debian-lts-announce/2020/08/msg00029.html
lists.debian.org/debian-lts-announce/2020/10/msg00010.html
securitylab.github.com/advisories/GHSL-2020-075-libsane
usn.ubuntu.com/4470-1/