PT-2020-2816 · Videolabs+1 · Libmicrodns+1

Claudio Bozzato · Published 2020-03-24 · Updated 2025-01-28 · CVE-2020-6080

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Videolabs libmicrodns version 0.1.0

Description

An exploitable denial-of-service issue exists in the resource allocation handling of Videolabs libmicrodns. When errors are encountered while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this issue through the function rr_read_RR(), which reads the current resource record, except for the RDATA section. For each RR type, a different function is called, such as rr_read_TXT() when the RR type is 0x10.
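
The bug class described above, as an added example that is not libmicrodns code: a simplified TXT RDATA parser whose error path either skips or performs cleanup, with a counter showing how repeated malformed records accumulate allocations. The names txt_node, txt_parse, txt_free, leaked_after and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

static long live_allocs; /* outstanding nodes, tracked only for this demo */

struct txt_node { struct txt_node *next; char txt[256]; };

static void txt_free(struct txt_node *n) {
    while (n) {
        struct txt_node *next = n->next;
        free(n);
        live_allocs--;
        n = next;
    }
}

/* Parse TXT RDATA: a sequence of <1-byte length><bytes> strings.
 * Returns 0 on success, -1 on malformed input. With cleanup == 0 the
 * error path returns without freeing the nodes already built (the leak). */
static int txt_parse(const uint8_t *p, size_t n, int cleanup, struct txt_node **out) {
    struct txt_node *head = NULL;
    *out = NULL;
    while (n > 0) {
        size_t len = *p++; n--;
        if (len > n) {                 /* string runs past the end of RDATA */
            if (cleanup) txt_free(head);
            return -1;
        }
        struct txt_node *node = calloc(1, sizeof *node);
        if (!node) { if (cleanup) txt_free(head); return -1; }
        live_allocs++;
        memcpy(node->txt, p, len);     /* len <= 255, buffer stays NUL-terminated */
        node->next = head; head = node;
        p += len; n -= len;
    }
    *out = head;
    return 0;
}

/* Feed the same malformed record `rounds` times; return nodes left allocated. */
static long leaked_after(int cleanup, int rounds) {
    /* constructed sample: two valid strings, then length 9 with 1 byte left */
    static const uint8_t bad[] = { 1,'a', 2,'b','c', 9,'x' };
    struct txt_node *out;
    long before = live_allocs;
    for (int i = 0; i < rounds; i++)
        if (txt_parse(bad, sizeof bad, cleanup, &out) == 0) txt_free(out);
    return live_allocs - before;
}
```

Running the same loop under a leak checker such as AddressSanitizer or Valgrind is a practical way to confirm that a parser's error paths release everything they allocated.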

Recommendations

For Videolabs libmicrodns version 0.1.0, as a temporary workaround, consider disabling the rr_read_RR() function until a patch is available. Restrict access to the rr_read() loop to minimize the risk of exploitation. Avoid using the RR type 0x10 in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

DoS

Memory Leak

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2020-02970
CVE-2020-6080
DSA-4671-1
MGASA-2020-0203
USN-7239-1

Affected Products

Ubuntu
Libmicrodns