CVE-2020-6072

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://security.gentoo.org/glsa/202005-10	Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995	Exploit Technical Description Third Party Advisory
https://www.debian.org/security/2020/dsa-4671	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:videolabs:libmicrodns:0.1.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

03 Jun 2022, 18:16

Type	Values Removed	Values Added
References	~~(GENTOO) https://security.gentoo.org/glsa/202005-10 -~~	(GENTOO) https://security.gentoo.org/glsa/202005-10 - Third Party Advisory
References	~~(DEBIAN) https://www.debian.org/security/2020/dsa-4671 -~~	(DEBIAN) https://www.debian.org/security/2020/dsa-4671 - Third Party Advisory
CPE		cpe:2.3:o:debian:debian_linux:9.0:::::::*

Information

Published : 2020-03-24 21:15

Updated : 2024-02-04 21:00

NVD link : CVE-2020-6072

Mitre link : CVE-2020-6072

CVE.ORG link : CVE-2020-6072

JSON object : View

Products Affected

videolabs

libmicrodns

debian

debian_linux

CWE

CWE-415

Double Free

{"id": "CVE-2020-6072", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "talos-cna@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-03-24T21:15:14.143", "references": [{"url": "https://security.gentoo.org/glsa/202005-10", "tags": ["Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "talos-cna@cisco.com"}, {"url": "https://www.debian.org/security/2020/dsa-4671", "tags": ["Third Party Advisory"], "source": "talos-cna@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-415"}]}], "descriptions": [{"lang": "en", "value": "An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo explotable en la funcionalidad de an\u00e1lisis de etiquetas de Videolabs libmicrodns versi\u00f3n 0.1.0. Cuando se analiza etiquetas comprimidas en mensajes mDNS, el valor de retorno de la funci\u00f3n rr_decode no es comprobada, conllevando a una doble liberaci\u00f3n que podr\u00eda explotarse para ejecutar c\u00f3digo arbitrario. Un atacante puede enviar un mensaje mDNS para desencadenar esta vulnerabilidad."}], "lastModified": "2022-06-03T18:16:56.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:videolabs:libmicrodns:0.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E2CF82C-22D5-4713-9DD3-9950E80D7EB3"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}], "sourceIdentifier": "talos-cna@cisco.com"}