CVE-2020-6072

Published: Mar 24, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.

Affected (2)

Products: Videolabs: Libmicrodns · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Videolabs Libmicrodns	Version 0.1.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

References (6)

https://security.gentoo.org/glsa/202005-10

Source: talos-cna@cisco.com

Third Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

https://www.debian.org/security/2020/dsa-4671

Source: talos-cna@cisco.com

Third Party Advisory

https://security.gentoo.org/glsa/202005-10

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

https://www.debian.org/security/2020/dsa-4671

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.