CVE-2020-6078

2020-03-2421:15:14

Google

osv.dev

6.5 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

71.9%

JSON

An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability.

CPENameOperatorVersion
libmicrodnseq0.0.2
libmicrodnseq0.0.7
libmicrodnseq0.0.3
libmicrodnseq0.0.5
libmicrodnseq0.0.6
libmicrodnseq0.0.4
libmicrodnseq0.0.10
libmicrodnseq0.0.1
libmicrodnseq0.0.9
libmicrodnseq0.0.8

Name	Operator	Version
libmicrodns	eq	0.0.2
libmicrodns	eq	0.0.7
libmicrodns	eq	0.0.3
libmicrodns	eq	0.0.5
libmicrodns	eq	0.0.6
libmicrodns	eq	0.0.4
libmicrodns	eq	0.0.10
libmicrodns	eq	0.0.1
libmicrodns	eq	0.0.9
libmicrodns	eq	0.0.8