| ID |
CVE-2019-9748
|
| Sažetak |
In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompress_nlabel in mdns.c and a crash of the server (depending on the memory protection of the CPU and the operating system), or disclosure of memory content via error messages or a server response. NOTE: the product's web site states "This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products." |
| Reference |
|
| CVSS |
| Base: | 9.4 |
| Impact: | 9.2 |
| Exploitability: | 10.0 |
|
| Pristup |
| Vektor | Složenost | Autentikacija |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Povjerljivost | Cjelovitost | Dostupnost |
| COMPLETE |
NONE |
COMPLETE |
|
| CVSS vektor |
AV:N/AC:L/Au:N/C:C/I:N/A:C |
| Zadnje važnije ažuriranje |
15-03-2019 - 13:40 |
| Objavljeno |
13-03-2019 - 19:29 |
