CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-46047

An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.4%

CVSS Severity

CVSS v3 Score 7.3

References

http://seclists.org/fulldisclosure/2024/Jan/64
https://gitlab.com/sane-project/backends/-/issues/708
http://packetstormsecurity.com/files/176818/sane-1.2.1-Null-Pointer.html
http://seclists.org/fulldisclosure/2024/Jan/64
https://gitlab.com/sane-project/backends/-/issues/708

Products affected by CVE-2023-46047

Sane-Project » Sane Backends » Version: N/A

cpe:2.3:h:sane-project:sane_backends:-
Sane-Project » Sane Backends » Version: 1.2.1

cpe:2.3:o:sane-project:sane_backends:1.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-46047

Products

Pricing

Contact Us