CVE-2020-6072

Name of the Vulnerable Software and Affected Versions Videolabs libmicrodns version 0.1.0

Description The issue is related to a buffer overflow in the microdns library of the VideoLAN VLC media player, allowing a remote attacker to cause a denial of service or execute arbitrary code using a specially crafted request. The vulnerability is also described as an exploitable code execution issue in the label-parsing functionality of libmicrodns. When parsing compressed labels in mDNS messages, the rr decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.

Recommendations For Videolabs libmicrodns version 0.1.0, consider disabling the rr decode function as a temporary workaround until a patch is available. Restrict access to the vulnerable label-parsing functionality to minimize the risk of exploitation. Avoid using the vulnerable microdns library until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.