Alpine: multiple sane packages: security update to 1.0.30-r0

high Tenable Self-Hosted Container Security Plugin ID 407127

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same
local network as the victim to execute arbitrary code, aka GHSL-2020-080. (CVE-2020-12861)

- An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same
local network as the victim to read important information, such as the ASLR offsets of the program, aka
GHSL-2020-082. (CVE-2020-12862)

- An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same
local network as the victim to read important information, such as the ASLR offsets of the program, aka
GHSL-2020-083. (CVE-2020-12863)

- An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same
local network as the victim to read important information, such as the ASLR offsets of the program, aka
GHSL-2020-081. (CVE-2020-12864)

See Also

https://security.alpinelinux.org/vuln/CVE-2020-12861

https://security.alpinelinux.org/vuln/CVE-2020-12862

https://security.alpinelinux.org/vuln/CVE-2020-12863

https://security.alpinelinux.org/vuln/CVE-2020-12864

https://security.alpinelinux.org/vuln/CVE-2020-12865

https://security.alpinelinux.org/vuln/CVE-2020-12866

https://security.alpinelinux.org/vuln/CVE-2020-12867

Plugin Details

Severity: High

ID: 407127

Version: Revision 1.26

Type: Local

Published: 10/31/2023

Updated: 12/4/2025

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

Percentile: 57.15

CVSS v2

Risk Factor: High

Base Score: 7.9

Temporal Score: 6.2

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-12861

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 6/1/2020

Reference Information

CVE: CVE-2020-12861, CVE-2020-12862, CVE-2020-12863, CVE-2020-12864, CVE-2020-12865, CVE-2020-12866, CVE-2020-12867