PT-2016-3236 · Sane+4 · Sane-Backends+4

Kritphong Mongkhonvanit

·

Publicado

2016-12-16

·

Atualizado

2020-11-03

·

CVE-2017-6318

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions sane-backends version 1.0.25
Description The issue is related to insufficient protection of internal data in the sane-backends package. It can be exploited by a remote attacker using a specially crafted SANE NET CONTROL OPTION packet to compromise data confidentiality. This may allow the attacker to obtain sensitive memory information.
Recommendations For version 1.0.25, consider restricting access to the SANE NET CONTROL OPTION packet to minimize the risk of exploitation until a patch is available.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

ALT-PU-2017-1658
BDU:2018-00027
CVE-2017-6318
DLA-940-1
MGASA-2017-0208
OPENSUSE-SU-2024:11366-1
SUSE-SU-2017:0713-1
SUSE-SU-2017:0717-1
SUSE-SU-2017_0713-1
SUSE-SU-2017_0717-1
SUSE-SU-2020:3125-1
SUSE-SU-2020_3125-1
USN-4470-1

Produtos afetados

Alt Linux
Linuxmint
Suse
Ubuntu
Sane-Backends