Double Free Vulnerability in Videolabs libmicrodns 0.1.0

Double Free Vulnerability in Videolabs libmicrodns 0.1.0

CVE-2020-6072 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability.

Learn more about our Cis Benchmark Audit For Ibm I.