First published: Tue Mar 24 2020
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Videolabs libmicrodns | =0.1.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
debian/vlc | 3.0.17.4-0+deb10u1 3.0.17.4-0+deb10u2 3.0.18-0+deb11u1 3.0.18-2 3.0.19-1 |
The severity of CVE-2020-6079 is high with a CVSS score of 7.5.
CVE-2020-6079 is an exploitable denial-of-service vulnerability that exists in the resource allocation handling of Videolabs libmicrodns 0.1.0.
Videolabs libmicrodns 0.1.0, Debian Linux 9.0, Debian Linux 10.0, and VLC on Debian are affected by CVE-2020-6079.
CVE-2020-6079 can be exploited by triggering errors while parsing mDNS messages, which may lead to a denial-of-service condition via resource exhaustion.
To fix CVE-2020-6079, update to the latest version of the affected software or apply the appropriate security patches provided by the vendor.
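The leak-on-error pattern described above, as an added C example that is not libmicrodns code and not part of the original advisory. It is a constructed label decoder with the leaky error path beside the corrected one, plus an allocation counter that works as a regression check; `decode_name`, `xmalloc`, `xfree` and `leaked_after` are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sketch of the bug class; NOT libmicrodns source code. */
static long live_allocs = 0;              /* allocations not yet freed */
static void *xmalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Decode length-prefixed labels ("\3foo\5local\0") into "foo.local". Returns 0 and
 * sets *out (caller frees with xfree), or -1. free_on_error: 0 = leaky, 1 = fixed. */
static int decode_name(const uint8_t *buf, size_t len, int free_on_error, char **out)
{
    size_t pos = 0, used = 0;
    char *name = xmalloc(1);
    if (!name) return -1;
    name[0] = '\0';
    while (pos < len && buf[pos] != 0) {
        size_t l = buf[pos++];
        if (l > 63 || l > len - pos) goto fail;   /* oversized or truncated label */
        char *grown = xmalloc(used + l + 2);      /* old text + '.' + label + NUL */
        if (!grown) goto fail;
        memcpy(grown, name, used);
        xfree(name);
        name = grown;
        if (used) name[used++] = '.';
        memcpy(name + used, buf + pos, l);
        used += l; pos += l;
        name[used] = '\0';
    }
    if (pos >= len) goto fail;                    /* no terminating zero byte */
    *out = name;
    return 0;
fail:
    if (free_on_error) xfree(name);               /* the cleanup the leaky path omits */
    return -1;
}

/* Parse the same truncated message `rounds` times; return allocations left behind. */
static long leaked_after(int rounds, int free_on_error)
{
    static const uint8_t bad[] = { 3, 'f', 'o', 'o', 5, 'l', 'o', 'c' }; /* constructed */
    long before = live_allocs;
    char *out = NULL;
    for (int i = 0; i < rounds; i++)
        decode_name(bad, sizeof bad, free_on_error, &out);
    return live_allocs - before;
}
/* Exit status 0 when the leaky path loses one buffer per message and the fixed path none. */
int main(void) { return (leaked_after(1000, 0) == 1000 && leaked_after(1000, 1) == 0) ? 0 : 1; }
```

The same counter, or a run under a leak checker, can be applied to a parser's malformed-input test corpus to confirm that every error return releases what was allocated before it.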