Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2020-6078 - log back

CVE-2020-6078 edited at 17 Apr 2020 21:10:43

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Denial of service

Description

+

An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability.

References

+	https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001
+	https://github.com/videolabs/libmicrodns/commit/4fb18284bea9a4f5eaf7745d72965b9b24e27d61

Notes

CVE-2020-6078 created at 17 Apr 2020 20:55:55