CVE-2020-6080
Published 2020-03-24
CVE-2020-6080: An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while…
Priority P338 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 2.38% (81.8th percentile)
An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability. The function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6].
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libmicrodns | < libmicrodns 0.2.0-1 (forky) | libmicrodns 0.2.0-1 (forky) |
| debian | vlc | < libmicrodns 0.2.0-1 (forky) | libmicrodns 0.2.0-1 (forky) |
| videolabs | libmicrodns | — | — |
| videolabs | libmicrodns | >= 0 < 0.2.0-1 | 0.2.0-1 |
| videolabs | libmicrodns | >= 0 < 0.2.0-1 | 0.2.0-1 |
| videolabs | libmicrodns | >= 0 < 0.0.8-1ubuntu0.1~esm1 | 0.0.8-1ubuntu0.1~esm1 |
| videolan | vlc_media_player | >= 0 < 3.0.8-4 | 3.0.8-4 |
| videolan | vlc_media_player | >= 0 < 3.0.8-4 | 3.0.8-4 |
| videolan | vlc_media_player | >= 0 < 3.0.8-4 | 3.0.8-4 |
| videolan | vlc_media_player | >= 0 < 3.0.8-4 | 3.0.8-4 |
CVSS provenance
nvd · v3.1 · 7.5 · HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
osv · 7.5 · HIGH
vendor_debian · 7.5 · HIGH
vendor_ubuntu · 7.5 · HIGH
Ubuntu
libmicrodns vulnerabilities
vendor_ubuntu·2025-01-28·CVSS 7.5
CVE-2020-6072 [HIGH] libmicrodns vulnerabilities
Title: libmicrodns vulnerabilities
Summary: Several security issues were fixed in libmicrodns.
Debian
CVE-2020-6080: libmicrodns - An exploitable denial-of-service vulnerability exists in the resource allocation...
vendor_debian·2020·CVSS 7.5
CVE-2020-6080 [HIGH] CVE-2020-6080: libmicrodns - An exploitable denial-of-service vulnerability exists in the resource allocation...
Scope: local
forky: resolved (fixed in 0.2.0-1)
sid: resolved (fixed in 0.2.0-1)
trixie: resolved (fixed in 0.2.0-1)
OSV
libmicrodns vulnerabilities
osv·2025-01-28·CVSS 7.5
CVE-2020-6071 [HIGH] libmicrodns vulnerabilities
libmicrodns vulnerabilities
It was discovered that libmicrodns could recursively follow the same
compression pointer, leading to an infinite loop. An attacker could
possibly use this issue to cause a denial of service. (CVE-2020-6071)
It was discovered that libmicrodns did not check the return value of the
rr_decode function, which could lead to a double free. An attacker could
possibly use this issue to execute arbitrary code. (CVE-2020-6072)
It was discovered that libmicrodns incorrectly handled certain inputs,
which could lead to an integer overflow. An attacker could possibly use
this issue to cause a denial of service. (CVE-2020-6073)
It was discovered that libmicrodns incorrectly handled certain inputs,
which could lead to an out-of-bounds read. An attacker could possibly use
this
GHSA
GHSA-v687-g54p-gvwj: An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0
ghsa_unreviewed·2022-05-24
CVE-2020-6080 [MEDIUM] CWE-400 GHSA-v687-g54p-gvwj: An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0
OSV
CVE-2020-6080: An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0
osv·2020-03-24·CVSS 7.5
CVE-2020-6080 [HIGH] CVE-2020-6080: An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Videolabs libmicrodns
blogs_talos·2020-03-23·CVSS 7.5
[HIGH] Vulnerability Spotlight: Multiple vulnerabilities in Videolabs libmicrodns
Claudio Bozzato of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw.
A specific library in the Videolabs family of software contains multiple vulnerabilities that could lead to denial of service and code execution. Videolabs is a company founded by VideoLAN members and is the current editor of the VLC mobile applications and one of the largest contributors to VLC. They also develop libmicrodns, a library which is used by VLC media player for mDNS services discovery. The libmicrodns library contains multiple vulnerabilities that could allow attackers to carry out a variety of malicious actions, including causing a denial of service and gaining the ability to execute arbitrary code.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Videolabs to
https://security.gentoo.org/glsa/202005-10
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
https://www.debian.org/security/2020/dsa-4671
Published: 2020-03-24