Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities found for libmicrodns by videolabs
CVE-2020-6080 (GCVE-0-2020-6080)
Vulnerability from nvd – Published: 2020-03-24 20:50 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6].
Severity ?
7.5 (High)
CWE
- denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Videolabs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Videolabs libmicrodns 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:39.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Videolabs",
"version": {
"version_data": [
{
"version_value": "Videolabs libmicrodns 0.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4671",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6080",
"datePublished": "2020-03-24T20:50:24.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:40.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6079 (GCVE-0-2020-6079)
Vulnerability from nvd – Published: 2020-03-24 20:49 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode.
Severity ?
7.5 (High)
CWE
- denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Videolabs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Videolabs libmicrodns 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:38.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Videolabs",
"version": {
"version_data": [
{
"version_value": "Videolabs libmicrodns 0.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4671",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6079",
"datePublished": "2020-03-24T20:49:46.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:40.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6078 (GCVE-0-2020-6078)
Vulnerability from nvd – Published: 2020-03-24 20:39 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability.
Severity ?
7.5 (High)
CWE
- denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:41.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Videolabs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Videolabs libmicrodns 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:37.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Videolabs",
"version": {
"version_data": [
{
"version_value": "Videolabs libmicrodns 0.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4671",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6078",
"datePublished": "2020-03-24T20:39:31.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:41.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6077 (GCVE-0-2020-6077)
Vulnerability from nvd – Published: 2020-03-24 20:39 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability.
Severity ?
7.5 (High)
CWE
- denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Videolabs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Videolabs libmicrodns 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:35.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Videolabs",
"version": {
"version_data": [
{
"version_value": "Videolabs libmicrodns 0.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4671",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6077",
"datePublished": "2020-03-24T20:39:22.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:40.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6073 (GCVE-0-2020-6073)
Vulnerability from nvd – Published: 2020-03-24 20:43 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.
Severity ?
7.5 (High)
CWE
- denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Videolabs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Videolabs libmicrodns 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:30.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Videolabs",
"version": {
"version_data": [
{
"version_value": "Videolabs libmicrodns 0.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4671",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6073",
"datePublished": "2020-03-24T20:43:10.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:40.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6072 (GCVE-0-2020-6072)
Vulnerability from nvd – Published: 2020-03-24 20:43 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.
Severity ?
9.8 (Critical)
CWE
- code execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:41.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Videolabs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Videolabs libmircodns 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function\u0027s return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:29.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Videolabs",
"version": {
"version_data": [
{
"version_value": "Videolabs libmircodns 0.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function\u0027s return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4671",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6072",
"datePublished": "2020-03-24T20:43:25.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:41.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6071 (GCVE-0-2020-6071)
Vulnerability from nvd – Published: 2020-03-24 20:43 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.
Severity ?
7.5 (High)
CWE
- denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:41.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Videolabs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Videolabs libmicrodns 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:27.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Videolabs",
"version": {
"version_data": [
{
"version_value": "Videolabs libmicrodns 0.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4671",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6071",
"datePublished": "2020-03-24T20:43:17.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:41.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6080 (GCVE-0-2020-6080)
Vulnerability from cvelistv5 – Published: 2020-03-24 20:50 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6].
Severity ?
7.5 (High)
CWE
- denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Videolabs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Videolabs libmicrodns 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:39.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Videolabs",
"version": {
"version_data": [
{
"version_value": "Videolabs libmicrodns 0.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4671",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6080",
"datePublished": "2020-03-24T20:50:24.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:40.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6079 (GCVE-0-2020-6079)
Vulnerability from cvelistv5 – Published: 2020-03-24 20:49 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode.
Severity ?
7.5 (High)
CWE
- denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.925Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Videolabs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Videolabs libmicrodns 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:38.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Videolabs",
"version": {
"version_data": [
{
"version_value": "Videolabs libmicrodns 0.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4671",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6079",
"datePublished": "2020-03-24T20:49:46.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:40.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6072 (GCVE-0-2020-6072)
Vulnerability from cvelistv5 – Published: 2020-03-24 20:43 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.
Severity ?
9.8 (Critical)
CWE
- code execution
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:41.030Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Videolabs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Videolabs libmircodns 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function\u0027s return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:29.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Videolabs",
"version": {
"version_data": [
{
"version_value": "Videolabs libmircodns 0.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function\u0027s return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 9.8,
"baseSeverity": "Critical",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4671",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6072",
"datePublished": "2020-03-24T20:43:25.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:41.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6071 (GCVE-0-2020-6071)
Vulnerability from cvelistv5 – Published: 2020-03-24 20:43 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.
Severity ?
7.5 (High)
CWE
- denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:41.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Videolabs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Videolabs libmicrodns 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:27.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Videolabs",
"version": {
"version_data": [
{
"version_value": "Videolabs libmicrodns 0.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4671",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6071",
"datePublished": "2020-03-24T20:43:17.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:41.013Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6073 (GCVE-0-2020-6073)
Vulnerability from cvelistv5 – Published: 2020-03-24 20:43 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.
Severity ?
7.5 (High)
CWE
- denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Videolabs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Videolabs libmicrodns 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:30.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Videolabs",
"version": {
"version_data": [
{
"version_value": "Videolabs libmicrodns 0.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4671",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6073",
"datePublished": "2020-03-24T20:43:10.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:40.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6078 (GCVE-0-2020-6078)
Vulnerability from cvelistv5 – Published: 2020-03-24 20:39 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability.
Severity ?
7.5 (High)
CWE
- denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:41.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Videolabs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Videolabs libmicrodns 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:37.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Videolabs",
"version": {
"version_data": [
{
"version_value": "Videolabs libmicrodns 0.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4671",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6078",
"datePublished": "2020-03-24T20:39:31.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:41.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6077 (GCVE-0-2020-6077)
Vulnerability from cvelistv5 – Published: 2020-03-24 20:39 – Updated: 2024-08-04 08:47
VLAI?
Summary
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability.
Severity ?
7.5 (High)
CWE
- denial of service
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:47:40.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Videolabs",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Videolabs libmicrodns 0.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T17:35:35.000Z",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"name": "DSA-4671",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2020-6077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Videolabs",
"version": {
"version_data": [
{
"version_value": "Videolabs libmicrodns 0.1.0"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.5,
"baseSeverity": "High",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4671",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4671"
},
{
"name": "GLSA-202005-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-10"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2020-6077",
"datePublished": "2020-03-24T20:39:22.000Z",
"dateReserved": "2020-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:47:40.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}