Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-6072

Опубликовано: 24 мар. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 7.5
CVSS3: 9.8

Описание

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

0.2.0-1
eoan

ignored

end of life
esm-apps/bionic

released

0.0.8-1ubuntu0.1~esm1
esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
devel

not-affected

esm-apps/bionic

released

3.0.8-0ubuntu18.04.1+esm3
esm-apps/focal

not-affected

esm-apps/jammy

not-affected

esm-apps/noble

not-affected

esm-apps/xenial

not-affected

focal

not-affected

groovy

ignored

end of life
hirsute

ignored

end of life

Показывать по

Ссылки на источники

EPSS

Процентиль: 84%
0.022
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3

Связанные уязвимости

nvd логотип

CVE-2020-6072

CVSS3: 9.8
nvd
почти 6 лет назад

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.

debian логотип

CVE-2020-6072

CVSS3: 9.8
debian
почти 6 лет назад

An exploitable code execution vulnerability exists in the label-parsin ...

github логотип

GHSA-jqrj-pmvg-62w8

CVSS3: 9.8
github
больше 3 лет назад

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.

fstec логотип

BDU:2020-02048

CVSS3: 7.3
fstec
почти 6 лет назад

Уязвимость библиотеки microdns программы-медиапроигрывателя VideoLAN VLC, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 84%
0.022
Низкий

7.5 High

CVSS2

9.8 Critical

CVSS3