PT-2020-2148 · Videolabs+1 · Libmicrodns+1

Published 2020-03-24 · Updated 2025-01-28 · CVE-2020-6079

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Videolabs libmicrodns version 0.1.0

Description

The issue is a denial-of-service condition caused by improper resource allocation handling when parsing mDNS messages. If errors are encountered during parsing, some allocated data may not be freed, potentially leading to resource exhaustion. An attacker can exploit this by repeatedly sending a specially crafted mDNS message, triggering the vulnerability through the decoding of the domain name performed by rr_decode. This can result in a denial-of-service condition or potentially allow for remote code execution.

Recommendations

For Videolabs libmicrodns version 0.1.0, consider restricting access to the rr_decode function to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the domain name decoding feature in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Leak

Buffer Overflow

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2020-02052
CVE-2020-6079
DSA-4671-1
MGASA-2020-0203
USN-7239-1

Affected Products

Ubuntu
Libmicrodns