CyberSec.Space Logo
返回 CVE 浏览器

CVE-2019-9748

CRITICAL
9.1
CVSS Severity Score
EPSS Score0.0460%
EPSS Percentile2.56th
Published2019年3月13日
Last Modified2024年11月21日

Vulnerability Description

In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompress_nlabel in mdns.c and a crash of the server (depending on the memory protection of the CPU and the operating system), or disclosure of memory content via error messages or a server response. NOTE: the product's web site states "This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products."

Affected Platforms (CPE)

📦
Tinysvcmdns Project

Tinysvcmdns

<= 2018-01-16

References & Advisories

🔗 https://bitbucket.org/geekman/tinysvcmdns/issues/10/arbitrary-memory-read-while-parsing
🔗 https://bitbucket.org/geekman/tinysvcmdns/issues/10/arbitrary-memory-read-while-parsing

相关漏洞威胁

CVE-2017-1208710.0

An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can ma...

CVE-2017-121307.5

An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted pa...

CVE-2019-97477.5

In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mD...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.