Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-27
Updated
2024-03-27
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-27
Updated
2024-03-27
saned in sane-backends 1.0.7 and earlier, and possibly later versions, does not properly allocate memory in certain cases, which could allow attackers to cause a denial of service (memory consumption).
Max CVSS
5.0
EPSS Score
0.88%
Published
2003-09-22
Updated
2008-09-10
saned in sane-backends 1.0.7 and earlier, when debug messages are enabled, does not properly handle dropped connections, which can prevent strings from being null terminated and cause a denial of service (segmentation fault).
Max CVSS
5.0
EPSS Score
0.53%
Published
2003-09-22
Updated
2008-09-10
saned in sane-backends 1.0.7 and earlier does not properly "check the validity of the RPC numbers it gets before getting the parameters," with unknown consequences.
Max CVSS
7.5
EPSS Score
0.75%
Published
2003-09-22
Updated
2008-09-10
saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrary size value if a connection is dropped before the size value has been sent, which allows remote attackers to cause a denial of service (memory consumption or crash).
Max CVSS
5.0
EPSS Score
2.58%
Published
2003-09-22
Updated
2008-09-10
saned in sane-backends 1.0.7 and earlier does not quickly handle connection drops, which allows remote attackers to cause a denial of service (segmentation fault) when invalid memory is accessed.
Max CVSS
7.5
EPSS Score
1.98%
Published
2003-09-22
Updated
2008-09-10
saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf.
Max CVSS
7.5
EPSS Score
1.30%
Published
2003-09-22
Updated
2013-08-23
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!