7 matches found
CVE-2020-6078
libmicrodns 0.1.0 is affected by CVE-2020-6078, where mdns_recv does not validate the return value of mdns_read_header, causing uninitialized variable usage and a null pointer dereference that can crash the service. This is one of multiple mDNS-related issues reported for libmicrodns. Evidence in...
CVE-2020-6079
libmicrodns 0.1.0 contains multiple CVEs including CVE-2020-6079, a denial-of-service in resource allocation during mDNS parsing where allocated data may not be freed. An attacker can trigger this by sending repeated mDNS messages; overall impact includes potential service disruption. Upstream fi...
CVE-2020-6071
CVE-2020-6071 affects Videolabs libmicrodns 0.1.0, where the mDNS label parsing uses compressed pointers without recursion checks. This can allow a remote attacker to trigger a denial-of-service via crafted mDNS messages that exploit the compression pointer handling. Public references in connecte...
CVE-2020-6073
CVE-2020-6073 affects Videolabs libmicrodns 0.1.0. A vulnerability in the TXT record parsing functionality (RDATA in TXT records) can trigger multiple integer overflows when processing mDNS messages, leading to a denial of service. Exploitation is possible remotely by sending crafted mDNS traffic...
CVE-2020-6077
Libmicrodns 0.1.0 from Videolabs contains a denial-of-service vulnerability in the mDNS message parsing that can lead to an out-of-bounds read. The issue arises when parsing mDNS messages and not properly tracking available data, enabling an attacker to trigger a crash. Affected component: libmic...
CVE-2020-6072
CVE-2020-6072 affects libmicrodns 0.1.0 in the label-parsing path. The rr_decode return value is not checked when parsing compressed labels in mDNS messages, leading to a double free that can be exploited to execute arbitrary code. Impact is remote via crafted mDNS traffic; affected components ar...
CVE-2020-6080
Vulnerability CVE-2020-6080 affects Videolabs libmicrodns 0.1.0. The issue is in mDNS message parsing/resource allocation handling, where errors during parsing can leave allocated data unfreed, enabling denial-of-service via resource exhaustion. The Arch Linux ASA-202004-24 describes multiple CVE...