PT-2019-19840 · Tinysvcmdns · Tinysvcmdns
Published: 2019-03-13 · Updated: 2019-03-15
CVE-2019-9748
CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:C
Name of the Vulnerable Software and Affected Versions
tinysvcmdns versions prior to 2018-01-16
Description
When processing a crafted packet, the mDNS server can be made to perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can cause a segmentation fault in the uncompress_nlabel function in mdns.c, leading to a server crash, or result in the disclosure of memory content via error messages or a server response.
Recommendations
For tinysvcmdns versions prior to 2018-01-16, consider disabling the mDNS server functionality until a maintained alternative is implemented, as the project is un-maintained and has known vulnerabilities.
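Added example, not code from tinysvcmdns or from this advisory: a bounds-checked DNS name expansion in C, showing the checks a parser needs so that no read leaves the packet buffer. It assumes the 16383-byte figure in the description corresponds to the 14-bit compression pointer of RFC 1035 (maximum offset 0x3FFF); expand_name, MAX_JUMPS and the sample packets are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define MAX_JUMPS 16  /* assumed cap on pointer hops, stops pointer loops */

/* Expand the DNS name at pkt[off] into dotted text in out.
 * Returns the text length, or -1 if any read would leave the packet. */
int expand_name(const uint8_t *pkt, size_t pkt_len, size_t off,
                char *out, size_t out_len)
{
    size_t n = 0;
    int jumps = 0;
    for (;;) {
        if (off >= pkt_len) return -1;          /* length byte inside packet */
        uint8_t b = pkt[off];
        if ((b & 0xC0) == 0xC0) {               /* compression pointer */
            if (off + 1 >= pkt_len) return -1;  /* second pointer byte too */
            size_t target = ((size_t)(b & 0x3F) << 8) | pkt[off + 1];
            /* target is 0..16383 whatever pkt_len is: validate before use */
            if (target >= pkt_len || ++jumps > MAX_JUMPS) return -1;
            off = target;
            continue;
        }
        if (b & 0xC0) return -1;                /* reserved label types */
        if (b == 0) break;                      /* root label: end of name */
        if (off + 1 + b > pkt_len) return -1;   /* label body inside packet */
        if (n + b + 2 > out_len) return -1;     /* room for '.', label, NUL */
        if (n) out[n++] = '.';
        memcpy(out + n, pkt + off + 1, b);
        n += b;
        off += 1 + (size_t)b;
    }
    if (n >= out_len) return -1;
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample packets (name sections only, not captured traffic). */
static const uint8_t GOOD[] = {5,'l','o','c','a','l',0, 3,'f','o','o',0xC0,0x00};
static const uint8_t BAD[]  = {3,'f','o','o',0xFF,0xFF};  /* pointer to 16383 */
static const uint8_t LOOP[] = {0xC0,0x00};                /* pointer to itself */

int main(void)
{
    char out[64];
    int good = expand_name(GOOD, sizeof GOOD, 7, out, sizeof out);
    int bad = expand_name(BAD, sizeof BAD, 0, out, sizeof out);
    printf("good=%d (%s) bad=%d\n", good, out, bad);
    return 0;
}
```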
Exploit
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Tinysvcmdns