First published: Tue Mar 24 2020(Updated: )
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6].
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/vlc | 3.0.17.4-0+deb10u1 3.0.17.4-0+deb10u2 3.0.18-0+deb11u1 3.0.18-2 3.0.19-1 | |
Videolabs libmicrodns | =0.1.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-6080 is a denial-of-service vulnerability in the resource allocation handling of Videolabs libmicrodns 0.1.0.
Debian Debian Linux 9.0 is affected by CVE-2020-6080.
CVE-2020-6080 has a severity rating of 7.5 (high).
To fix the CVE-2020-6080 vulnerability in Videolabs libmicrodns 0.1.0, update to version 3.0.19-1 or later.
For more information about CVE-2020-6080, you can refer to the following sources: [link1](https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002), [link2](https://security-tracker.debian.org/tracker/CVE-2020-6080), [link3](https://security.gentoo.org/glsa/202005-10)