vulnerability

FreeBSD: VID-28481349-7E20-4F80-AE1E-E6BF48D4F17C (CVE-2020-12866): Sane -- Multiple Vulnerabilities

Severity
3
CVSS
(AV:A/AC:L/Au:S/C:N/I:N/A:P)
Published
May 17, 2020
Added
May 29, 2020
Modified
Oct 20, 2020

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.


From VID-28481349-7E20-4F80-AE1E-E6BF48D4F17C:




The Sane Project reports:



epson2: fixes CVE-2020-12867 (GHSL-2020-075) and several memory management issues found while addressing that CVE


epsonds: addresses out-of-bound memory access issues to fix CVE-2020-12862 (GHSL-2020-082) and CVE-2020-12863 (GHSL-2020-083), addresses a buffer overflow fixing CVE-2020-12865 (GHSL-2020-084) and disables network autodiscovery to mitigate CVE-2020-12866 (GHSL-2020-079), CVE-2020-12861 (GHSL-2020-080) and CVE-2020-12864 (GHSL-2020-081). Note that this backend does not support network scanners to begin with.


magicolor: fixes a floating point exception and uninitialized data read


fixes an overflow in sanei_tcp_read()




Solution

freebsd-upgrade-package-sane-backends
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.