Vulnerability Details CVE-2017-6318
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.7%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035054.html
- http://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035059.html
- http://lists.opensuse.org/opensuse-updates/2017-03/msg00016.html
- http://www.securityfocus.com/bid/97028
- https://alioth.debian.org/tracker/index.php?func=detail&aid=315576
- https://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035029.html
- https://usn.ubuntu.com/4470-1/
- http://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035054.html
- http://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035059.html
- http://lists.opensuse.org/opensuse-updates/2017-03/msg00016.html
- http://www.securityfocus.com/bid/97028
- https://alioth.debian.org/tracker/index.php?func=detail&aid=315576
- https://lists.alioth.debian.org/pipermail/sane-devel/2017-February/035029.html
- https://usn.ubuntu.com/4470-1/
Products affected by CVE-2017-6318
-
cpe:2.3:a:sane-backends_project:sane-backends:1.0.25
-
cpe:2.3:o:opensuse:leap:42.1