PT-2016-3236 · Sane+4 · Sane-Backends+4

Kritphong Mongkhonvanit · Published 2016-12-16 · Updated 2020-11-03 · CVE-2017-6318

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

sane-backends version 1.0.25

Description

The issue is related to insufficient protection of internal data in the sane-backends package. It can be exploited by a remote attacker using a specially crafted SANE NET CONTROL OPTION packet to compromise data confidentiality. This may allow the attacker to obtain sensitive memory information.

Recommendations

For version 1.0.25, consider restricting access to the SANE NET CONTROL OPTION packet to minimize the risk of exploitation until a patch is available.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

ALT-PU-2017-1658
BDU:2018-00027
CVE-2017-6318
DLA-940-1
MGASA-2017-0208
OPENSUSE-SU-2024:11366-1
SUSE-SU-2017:0713-1
SUSE-SU-2017:0717-1
SUSE-SU-2017_0713-1
SUSE-SU-2017_0717-1
SUSE-SU-2020:3125-1
SUSE-SU-2020_3125-1
USN-4470-1

Affected Products

Alt Linux
Linuxmint
Suse
Ubuntu
Sane-Backends