Описание
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libmicrodns | fixed | 0.2.0-1 | package | |
| vlc | fixed | 3.0.8-4 | package | |
| vlc | end-of-life | jessie | package |
Примечания
https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996
These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
Связанные уязвимости
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.
An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability.
Уязвимость библиотеки microdns программы-медиапроигрывателя VideoLAN VLC, связанная с чтением данных за границами буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код