An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode functions return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.
Weakness
The product calls free() twice on the same memory address.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libmicrodns | Videolabs | 0.1.0 (including) | 0.1.0 (including) |
| Libmicrodns | Ubuntu | bionic | * |
| Libmicrodns | Ubuntu | eoan | * |
| Libmicrodns | Ubuntu | esm-apps/bionic | * |
| Libmicrodns | Ubuntu | trusty | * |
| Libmicrodns | Ubuntu | upstream | * |
| Vlc | Ubuntu | bionic | * |
| Vlc | Ubuntu | esm-apps/bionic | * |
| Vlc | Ubuntu | groovy | * |
| Vlc | Ubuntu | hirsute | * |
| Vlc | Ubuntu | impish | * |
| Vlc | Ubuntu | kinetic | * |
| Vlc | Ubuntu | lunar | * |
| Vlc | Ubuntu | mantic | * |
| Vlc | Ubuntu | trusty | * |
| Vlc | Ubuntu | xenial | * |
Potential Mitigations
References
- https://security.gentoo.org/glsa/202005-10
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995
- https://www.debian.org/security/2020/dsa-4671
- https://security.gentoo.org/glsa/202005-10
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995
- https://www.debian.org/security/2020/dsa-4671