An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability.

Threat-Mapped Scoring

Score: 1.5

Priority: P4 - Informational (Low)

• S10 – Denial of Service

EPSS

Score: 0.01405
Percentile: 0.79598

CVSS Scoring

Mapped CWE(s)

• CWE-252 : Unchecked Return Value

Affected Products

• cpe:2.3:a:videolabs:libmicrodns:0.1.0:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

← Back to Home