First published: Tue Mar 24 2020(Updated: )
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability.
Credit: talos-cna@cisco.com talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/vlc | 3.0.17.4-0+deb10u1 3.0.17.4-0+deb10u2 3.0.18-0+deb11u1 3.0.18-2 3.0.19-1 | |
Videolabs libmicrodns | =0.1.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-6078 is a denial-of-service vulnerability in the message-parsing functionality of Videolabs libmicrodns 0.1.0.
CVE-2020-6078 has a severity rating of 7.5 (high).
CVE-2020-6078 affects Videolabs libmicrodns 0.1.0 and Debian Debian Linux 9.0 and 10.0, as well as VLC versions 3.0.17.4-0+deb10u1, 3.0.17.4-0+deb10u2, 3.0.18-0+deb11u1, 3.0.18-2, and 3.0.19-1.
To fix CVE-2020-6078, it is recommended to update the affected software to the latest versions available.
You can find more information about CVE-2020-6078 at the following references: [link1](https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001), [link2](https://security-tracker.debian.org/tracker/CVE-2020-6078), [link3](https://security.gentoo.org/glsa/202005-10).