user/vlc: multiple vulnerabilities
| Bugzilla ID | 279 |
| Alias(es) | CVE-2019-19721, CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079, CVE-2020-6080 |
| Reporter | Max Rees (sroracle) |
| Assignee | Max Rees (sroracle) |
| Reported | 2020-05-01 15:37:48 -0500 |
| Modified | 2020-05-10 10:53:39 -0500 |
| Status | RESOLVED INVALID |
| Version | 1.0-RC1 |
| Hardware | Adélie Linux / All |
| Importance | --- / normal |
Description
CVE-2020-6073: https://nvd.nist.gov/vuln/detail/CVE-2020-6073
An exploitable denial-of-service vulnerability exists in the TXT
record-parsing functionality of Videolabs libmicrodns 0.1.0. When
parsing the RDATA section in a TXT record in mDNS messages, multiple
integer overflows can be triggered, leading to a denial of service. An
attacker can send an mDNS message to trigger this vulnerability.
CVE-2020-6071: https://nvd.nist.gov/vuln/detail/CVE-2020-6071
An exploitable denial-of-service vulnerability exists in the resource
record-parsing functionality of Videolabs libmicrodns 0.1.0. When
parsing compressed labels in mDNS messages, the compression pointer is
followed without checking for recursion, leading to a denial of
service. An attacker can send an mDNS message to trigger this
vulnerability.
CVE-2020-6072: https://nvd.nist.gov/vuln/detail/CVE-2020-6072
An exploitable code execution vulnerability exists in the label-
parsing functionality of Videolabs libmicrodns 0.1.0. When parsing
compressed labels in mDNS messages, the rr_decode function's return
value is not checked, leading to a double free that could be exploited
to execute arbitrary code. An attacker can send an mDNS message to
trigger this vulnerability.
CVE-2020-6078: https://nvd.nist.gov/vuln/detail/CVE-2020-6078
An exploitable denial-of-service vulnerability exists in the message-
parsing functionality of Videolabs libmicrodns 0.1.0. When parsing
mDNS messages in mdns_recv, the return value of the mdns_read_header
function is not checked, leading to an uninitialized variable usage
that eventually results in a null pointer dereference, leading to
service crash. An attacker can send a series of mDNS messages to
trigger this vulnerability.
CVE-2020-6080: https://nvd.nist.gov/vuln/detail/CVE-2020-6080
An exploitable denial-of-service vulnerability exists in the resource
allocation handling of Videolabs libmicrodns 0.1.0. When encountering
errors while parsing mDNS messages, some allocated data is not freed,
possibly leading to a denial-of-service condition via resource
exhaustion. An attacker can send one mDNS message repeatedly to
trigger this vulnerability through the function rr_read_RR [5] reads
the current resource record, except for the RDATA section. This is
read by the loop at in rr_read. For each RR type, a different function
is called. When the RR type is 0x10, the function rr_read_TXT is
called at [6].
CVE-2020-6079: https://nvd.nist.gov/vuln/detail/CVE-2020-6079
An exploitable denial-of-service vulnerability exists in the resource
allocation handling of Videolabs libmicrodns 0.1.0. When encountering
errors while parsing mDNS messages, some allocated data is not freed,
possibly leading to a denial-of-service condition via resource
exhaustion. An attacker can send one mDNS message repeatedly to
trigger this vulnerability through decoding of the domain name
performed by rr_decode.
CVE-2020-6077: https://nvd.nist.gov/vuln/detail/CVE-2020-6077
An exploitable denial-of-service vulnerability exists in the message-
parsing functionality of Videolabs libmicrodns 0.1.0. When parsing
mDNS messages, the implementation does not properly keep track of the
available data in the message, possibly leading to an out-of-bounds
read that would result in a denial of service. An attacker can send an
mDNS message to trigger this vulnerability.
It does not appear to me that we are building the microdns module at
this time. However, in any case this is fixed in microdns >= 0.1.1 and
vlc >= 3.0.9.
https://github.com/videolabs/libmicrodns/releases/tag/0.1.1
https://www.videolan.org/developers/vlc-branch/NEWS