Vulnerability Details CVE-2020-6079
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.012
EPSS Ranking 78.0%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://security.gentoo.org/glsa/202005-10
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
- https://www.debian.org/security/2020/dsa-4671
- https://security.gentoo.org/glsa/202005-10
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
- https://www.debian.org/security/2020/dsa-4671
Products affected by CVE-2020-6079
-
cpe:2.3:a:videolabs:libmicrodns:0.1.0
-
cpe:2.3:o:debian:debian_linux:10.0
-
cpe:2.3:o:debian:debian_linux:9.0