Vulnerability Details CVE-2019-9748
In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompress_nlabel in mdns.c and a crash of the server (depending on the memory protection of the CPU and the operating system), or disclosure of memory content via error messages or a server response. NOTE: the product's web site states "This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products."
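The 16383-byte reach in the description equals the largest offset a 14-bit DNS compression pointer (RFC 1035) can encode. The added example below is not tinysvcmdns code: it sketches a bounds-checked name decoder under the assumption that the out-of-bounds read comes from following such a pointer without comparing it to the packet length. The function name, the jump cap and both sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_NAME  255  /* RFC 1035 limit on an encoded name */
#define MAX_JUMPS 16   /* assumed cap on pointer hops, stops pointer loops */

/* Constructed sample: 12-byte header, "foo.local" at offset 12, "bar" + pointer to 12 */
static const uint8_t SAMPLE_OK[] = {0,0,0,0,0,0,0,0,0,0,0,0,
    3,'f','o','o',5,'l','o','c','a','l',0, 3,'b','a','r',0xC0,0x0C};
/* Constructed sample: pointer bytes FF FF encode offset 16383 in a 14-byte packet */
static const uint8_t SAMPLE_BAD[] = {0,0,0,0,0,0,0,0,0,0,0,0, 0xFF,0xFF};

/* Decode the DNS name at pkt[off] into dotted text in out.
 * Returns the text length, or -1 if any read would leave the packet. */
int safe_uncompress_name(const uint8_t *pkt, size_t pkt_len, size_t off,
                         char *out, size_t out_len)
{
    size_t n = 0;
    int jumps = 0;

    for (;;) {
        if (off >= pkt_len) return -1;           /* length byte in bounds */
        uint8_t len = pkt[off];

        if ((len & 0xC0) == 0xC0) {              /* compression pointer */
            if (off + 1 >= pkt_len) return -1;   /* second pointer byte */
            size_t target = ((size_t)(len & 0x3F) << 8) | pkt[off + 1];
            /* target ranges over 0..16383: accept it only if it lies inside
             * the packet and before the pointer itself */
            if (target >= pkt_len || target >= off) return -1;
            if (++jumps > MAX_JUMPS) return -1;  /* bound pointer chains */
            off = target;
            continue;
        }
        if (len & 0xC0) return -1;               /* reserved label types */
        if (len == 0) break;                     /* root label ends the name */

        if (len > pkt_len - off - 1) return -1;  /* label body in bounds */
        if (n + len + 1 > MAX_NAME || n + len + 2 > out_len) return -1;
        memcpy(out + n, pkt + off + 1, len);
        n += len;
        out[n++] = '.';
        off += (size_t)len + 1;
    }
    if (n + 1 > out_len) return -1;              /* room for the terminator */
    out[n] = '\0';
    return (int)n;
}
```

Rejecting the packet on the first failed check, rather than logging or echoing the partially decoded name, also closes the disclosure path through error messages and responses that the description mentions.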
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.1%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 9.4
Products affected by CVE-2019-9748
- cpe:2.3:a:tinysvcmdns_project:tinysvcmdns:2016-07-18
- cpe:2.3:a:tinysvcmdns_project:tinysvcmdns:2017-11-05
- cpe:2.3:a:tinysvcmdns_project:tinysvcmdns:2018-01-16