CVE-2019-9747

Name of the Vulnerable Software and Affected Versions tinysvcmdns versions prior to 2018-01-16

Description The issue occurs when a maliciously crafted mDNS packet is received, causing an infinite loop while parsing an mDNS query. This happens when mDNS compressed labels point to each other, leading the uncompress nlabel function to go into an infinite loop, resulting in the mDNS server hanging.

Recommendations For tinysvcmdns versions prior to 2018-01-16, consider disabling the mDNS server functionality until a maintained alternative is implemented, as the project is un-maintained and has known vulnerabilities.