CVE Vulnerabilities

CVE-2020-12866

NULL Pointer Dereference

Published: Jun 24, 2020 | Modified: Nov 21, 2022
CVSS 3.x
5.7
MEDIUM
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
2.7 LOW
AV:A/AC:L/Au:S/C:N/I:N/A:P
RedHat/V2
RedHat/V3
5.7 MODERATE
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

A NULL pointer dereference in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to cause a denial of service, GHSL-2020-079.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Sane_backends Sane-project * 1.0.30 (excluding)
Sane-backends Ubuntu bionic *
Sane-backends Ubuntu eoan *
Sane-backends Ubuntu focal *
Sane-backends Ubuntu trusty *
Sane-backends Ubuntu upstream *

Potential Mitigations

References