First published: Tue Mar 24 2020
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/vlc | 3.0.17.4-0+deb10u1, 3.0.17.4-0+deb10u2, 3.0.18-0+deb11u1, 3.0.18-2, 3.0.19-1 | |
Videolabs libmicrodns | =0.1.0 | |
Debian Debian Linux | =9.0 | |
CVE-2020-6072 is an exploitable code execution vulnerability in the label-parsing functionality of Videolabs libmicrodns 0.1.0.
CVE-2020-6072 is classified as critical with a severity score of 9.8.
CVE-2020-6072 affects Videolabs libmicrodns 0.1.0 and Debian Linux 9.0 with VLC versions 3.0.17.4-0+deb10u1, 3.0.17.4-0+deb10u2, 3.0.18-0+deb11u1, 3.0.18-2, and 3.0.19-1.
CVE-2020-6072 can be exploited through mDNS messages that contain compressed labels: parsing them triggers a double free that allows arbitrary code execution.
For more information about CVE-2020-6072, you can refer to the following sources:

- [Talos Intelligence](https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995)
- [Debian Security Tracker](https://security-tracker.debian.org/tracker/CVE-2020-6072)
- [Gentoo GLSA](https://security.gentoo.org/glsa/202005-10)