CVE-2019-9747

Published: Mar 13, 2019

Modified: Sep 16, 2024

PUBLISHED

Description

In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the function uncompress_nlabel goes into an infinite loop trying to analyze the packet with an mDNS query. As a result, the mDNS server hangs after receiving the malicious mDNS packet. NOTE: the product's web site states "This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bitbucket.org/geekman/tinysvcmdns/issues/11/denial-of-service-vulnerability-infinite

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-9747

Description

Affected Products

References