PT-2019-19839 · Tinysvcmdns · Tinysvcmdns

Published

2019-03-13

Updated

2020-08-24

CVE-2019-9747

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions tinysvcmdns versions prior to 2018-01-16

Description The issue occurs when a maliciously crafted mDNS packet is received, causing an infinite loop while parsing an mDNS query. This happens when mDNS compressed labels point to each other, leading the uncompress nlabel function to go into an infinite loop, resulting in the mDNS server hanging.

Recommendations For tinysvcmdns versions prior to 2018-01-16, consider disabling the mDNS server functionality until a maintained alternative is implemented, as the project is un-maintained and has known vulnerabilities.

Exploit

Fix

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

CVE-2019-9747

Affected Products

Tinysvcmdns

PT-2019-19839 · Tinysvcmdns · Tinysvcmdns

CVE-2019-9747

Weakness Enumeration

Related Identifiers

Affected Products

References · 3