CVE-2020-6079

Published: Mar 24, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode.

Affected (3)

Products: Videolabs: Libmicrodns · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Videolabs Libmicrodns	Version 0.1.0

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 9.0

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (6)

https://security.gentoo.org/glsa/202005-10

Source: talos-cna@cisco.com

Third Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

https://www.debian.org/security/2020/dsa-4671

Source: talos-cna@cisco.com

Third Party Advisory

https://security.gentoo.org/glsa/202005-10

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

https://www.debian.org/security/2020/dsa-4671

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.