CVE-2020-6073

Name of the Vulnerable Software and Affected Versions Videolabs libmicrodns version 0.1.0

Description The issue is related to the parsing of TXT records in mDNS messages, where multiple integer overflows can occur, leading to a denial of service. An attacker can exploit this by sending a specially crafted mDNS message. Additionally, the vulnerability is associated with out-of-bounds memory access, which can be exploited by a remote attacker to cause a denial of service or potentially execute arbitrary code using a specially crafted request.

Recommendations For version 0.1.0, consider disabling the TXT record-parsing functionality until a patch is available to prevent exploitation. Restrict access to mDNS messages to minimize the risk of triggering the integer overflows. Avoid using the vulnerable libmicrodns version in sensitive environments until a fixed version is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.