An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability.
The product dereferences a pointer that it expects to be valid but is NULL.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Tinysvcmdns | Tinysvcmdns_project | 2017-11-05 (including) | 2017-11-05 (including) |
Shairport-sync | Ubuntu | artful | * |