CVE-2020-6077

CVE-2020-6077

Name

CVE-2020-6077

Description

An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Exploit	https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000
DEBIAN	https://www.debian.org/security/2020/dsa-4671
GENTOO	https://security.gentoo.org/glsa/202005-10

Type

URI

Exploit

https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000

DEBIAN

https://www.debian.org/security/2020/dsa-4671

GENTOO

https://security.gentoo.org/glsa/202005-10

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:videolabs:libmicrodns:0.1.0:::::::*`	libmicrodns	== None	== 0.1.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:videolabs:libmicrodns:0.1.0:*:*:*:*:*:*:*

libmicrodns

== None

== 0.1.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
vlc	edge-community	3.0.9.2-r0	None	fixed
vlc	3.22-community	3.0.9.2-r0	None	fixed
vlc	3.21-community	3.0.9.2-r0	None	fixed
vlc	3.20-community	3.0.9.2-r0	None	fixed
vlc	3.19-community	3.0.9.2-r0	None	fixed
vlc	3.18-community	3.0.9.2-r0	None	fixed
vlc	3.17-community	3.0.9.2-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

vlc

edge-community

3.0.9.2-r0

None

fixed

vlc

3.22-community