Videolabs Libmicrodns vulnerabilities

CVE-2020-6072 [CRITICAL] CWE-415 CVE-2020-6072: An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs l An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this v

CVE-2020-6078 [HIGH] CWE-252 CVE-2020-6078: An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videol An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. A

CVE-2020-6080 [HIGH] CWE-401 CVE-2020-6080: An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videola An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulne

CVE-2020-6071 [HIGH] CWE-674 CVE-2020-6071: An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality o An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.

CVE-2020-6073 [HIGH] CWE-190 CVE-2020-6073: An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Vid An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.

CVE-2020-6077 [HIGH] CWE-125 CVE-2020-6077: An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videol An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS messa

CVE-2020-6079 [HIGH] CWE-401 CVE-2020-6079: An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videola An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulne