PT-2019-19840 · Tinysvcmdns · Tinysvcmdns
Published
2019-03-13
·
Updated
2019-03-15
·
CVE-2019-9748
CVSS v2.0
9.4
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
tinysvcmdns versions prior to 2018-01-16
Description
When processing a crafted packet, an mDNS server can be made to perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can cause a segmentation fault in the uncompress_nlabel function in mdns.c, leading to a server crash, or result in the disclosure of memory content via error messages or a server response.
Recommendations
For tinysvcmdns versions prior to 2018-01-16, consider disabling the mDNS server functionality until a maintained alternative is implemented, as the project is un-maintained and has known vulnerabilities.
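The class of check whose absence the Description implies, shown as an added example that is not tinysvcmdns code. It assumes the 16383-byte figure corresponds to the 14-bit offset of an RFC 1035 name-compression pointer; dns_name_expand, DNS_MAX_HOPS and the sample packets are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNS_MAX_HOPS 16 /* assumed cap on chained compression pointers */

/* Expand the DNS name at pkt[off] into out as dotted text.
 * Returns the text length, or -1 if the packet is malformed. */
int dns_name_expand(const uint8_t *pkt, size_t pkt_len, size_t off,
                    char *out, size_t out_len)
{
    size_t o = 0;
    int hops = 0;

    for (;;) {
        if (off >= pkt_len) return -1;            /* length byte outside packet */
        uint8_t len = pkt[off];
        if ((len & 0xC0) == 0xC0) {               /* compression pointer */
            if (off + 1 >= pkt_len) return -1;    /* pointer needs two bytes */
            size_t target = ((size_t)(len & 0x3F) << 8) | pkt[off + 1];
            /* The offset is 14 bits (0..16383). Accept it only if it points
             * backward, which also keeps it inside the received packet. */
            if (target >= off || ++hops > DNS_MAX_HOPS) return -1;
            off = target;
            continue;
        }
        if (len & 0xC0) return -1;                /* 0x40/0x80 are reserved */
        if (len == 0) break;                      /* root label ends the name */
        if ((size_t)len > pkt_len - off - 1) return -1; /* label overruns packet */
        if (o + len + 2 > out_len) return -1;     /* room for '.', label, NUL */
        if (o) out[o++] = '.';
        memcpy(out + o, pkt + off + 1, len);
        o += len;
        off += (size_t)len + 1;
    }
    if (o >= out_len) return -1;
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    /* Constructed samples: a valid name, then a pointer claiming offset 16383. */
    static const uint8_t ok[]  = {3,'f','o','o',5,'l','o','c','a','l',0};
    static const uint8_t oob[] = {3,'b','a','r',0xFF,0xFF};
    char name[64];
    printf("%d\n", dns_name_expand(ok, sizeof ok, 0, name, sizeof name));
    printf("%d\n", dns_name_expand(oob, sizeof oob, 0, name, sizeof name));
    return 0;
}
```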
Exploit
Fix
Out-of-bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Tinysvcmdns