CVE-2020-6072 · CVEKit

cve.orgen

364 chars

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.

NVDen

364 chars

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.

NVDes

440 chars

Se presenta una vulnerabilidad de ejecución de código explotable en la funcionalidad de análisis de etiquetas de Videolabs libmicrodns versión 0.1.0. Cuando se analiza etiquetas comprimidas en mensajes mDNS, el valor de retorno de la función rr_decode no es comprobada, conllevando a una doble liberación que podría explotarse para ejecutar código arbitrario. Un atacante puede enviar un mensaje mDNS para desencadenar esta vulnerabilidad.

CVSS metrics across sources

5

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H