PT-2020-2147 · Videolabs+1 · Libmicrodns+1

Published: 2020-03-24 · Updated: 2025-01-28 · CVE-2020-6078

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Videolabs libmicrodns version 0.1.0

Description

The issue is in the message-parsing functionality. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to use of an uninitialized variable that eventually results in a null pointer dereference and crashes the service. An attacker can send a series of mDNS messages to trigger this issue. The vulnerability may also allow a remote attacker to cause a denial of service or execute arbitrary code using a specially crafted request.

Recommendations

For Videolabs libmicrodns version 0.1.0, consider disabling the mdns_recv function or restricting the parsing of mDNS messages until a patch is available. Additionally, restrict access to the mdns_read_header function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
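
The unchecked-return pattern named in the description, as an added C sketch beside its checked form; this is not libmicrodns source and not code from this advisory. The names read_header, answers_unchecked and answers_checked are hypothetical, and a caller-owned struct stands in for the uninitialized variable so that the stale value is deterministic.

```c
#include <stddef.h>
#include <stdint.h>

#define HDR_SIZE    12  /* fixed DNS/mDNS header: six big-endian 16-bit fields */
#define MIN_RR_SIZE 11  /* root name(1) + type(2) + class(2) + ttl(4) + rdlength(2) */

struct hdr { uint16_t id, flags, num_qn, num_ans_rr, num_auth_rr, num_add_rr; };
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical reader: returns a pointer past the header, or NULL when the
 * datagram is too short. On failure *h is left untouched. */
const uint8_t *read_header(const uint8_t *buf, size_t len, struct hdr *h)
{
    if (buf == NULL || h == NULL || len < HDR_SIZE)
        return NULL;
    h->id = be16(buf);              h->flags = be16(buf + 2);
    h->num_qn = be16(buf + 4);      h->num_ans_rr = be16(buf + 6);
    h->num_auth_rr = be16(buf + 8); h->num_add_rr = be16(buf + 10);
    return buf + HDR_SIZE;
}

/* Flawed pattern: the return value is ignored, so after a short datagram the
 * caller acts on whatever *h already held (indeterminate for a stack local). */
int answers_unchecked(const uint8_t *buf, size_t len, struct hdr *h)
{
    (void)read_header(buf, len, h);
    return h->num_ans_rr;
}

/* Hardened pattern: drop the datagram (-1) when the header read fails, and
 * reject an answer count that cannot fit in the bytes after the header. */
int answers_checked(const uint8_t *buf, size_t len, struct hdr *h)
{
    if (read_header(buf, len, h) == NULL)
        return -1;
    if ((size_t)h->num_ans_rr * MIN_RR_SIZE > len - HDR_SIZE)
        return -1;
    return h->num_ans_rr;
}

int main(void)
{
    /* Constructed input: a header announcing 3 answers, then a 4-byte runt. */
    uint8_t good[HDR_SIZE + 3 * MIN_RR_SIZE] = {0}, runt[4] = {0};
    struct hdr h = {0};
    good[7] = 3;
    return (answers_checked(good, sizeof good, &h) == 3 &&
            answers_unchecked(runt, sizeof runt, &h) == 3 &&  /* stale count */
            answers_checked(runt, sizeof runt, &h) == -1) ? 0 : 1;
}
```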

Exploit

DoS

Buffer Overflow

NULL Pointer Dereference

Unchecked Return Value

Weakness Enumeration

Related Identifiers

BDU:2020-02051
CVE-2020-6078
DSA-4671-1
MGASA-2020-0203
USN-7239-1

Affected Products

Ubuntu
Libmicrodns