CVE-2020-12863: 
Linux Debian vulnerability analysis and mitigation

An out-of-bounds read vulnerability (CVE-2020-12863) was discovered in SANE Backends before version 1.0.30. The vulnerability, also known as GHSL-2020-083, affects the esci2_check_header function where improper memory handling could allow a malicious device connected to the same local network as the victim to read important information (GitHub Lab, Debian LTS).

The vulnerability exists in the esci2_check_header function where sscanf is used to read a number from a message. The function processes a 64-byte stack buffer (rbuf in esci2_cmd) whose contents can be controlled by an attacker. If the attacker fills the buffer with the character '0', sscanf will read beyond the buffer boundaries. When the characters beyond the buffer are valid hexadecimal digits, they are converted to a number and written to the variable 'more', which is then included in the next message sent to the malicious device (GitHub Lab).

The vulnerability could allow an attacker to read important information, such as the ASLR (Address Space Layout Randomization) offsets of the program. However, the practical impact is considered low severity because the byte immediately following the buffer is usually not a valid hexadecimal digit, which prevents information disclosure from occurring (GitHub Lab).

The vulnerability was fixed in SANE Backends version 1.0.30. Various distributions have released security updates to address this issue: Ubuntu has released updates for versions 20.04 LTS (1.0.29-0ubuntu5.1), 18.04 LTS (1.0.27-1~experimental3ubuntu2.3), and 16.04 LTS (1.0.25+git20150528-1ubuntu2.16.04.3) (Ubuntu USN), while Debian released version 1.0.25-4.1+deb9u1 for Debian 9 stretch (Debian LTS).