Vulnerability Details CVE-2020-6072
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.022
EPSS Ranking 83.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://security.gentoo.org/glsa/202005-10
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995
- https://www.debian.org/security/2020/dsa-4671
- https://security.gentoo.org/glsa/202005-10
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995
- https://www.debian.org/security/2020/dsa-4671
Products affected by CVE-2020-6072
-
cpe:2.3:a:videolabs:libmicrodns:0.1.0
-
cpe:2.3:o:debian:debian_linux:9.0