Vulnerabilities > CVE-2017-12130 - NULL Pointer Dereference vulnerability in Tinysvcmdns Project Tinysvcmdns 20171105

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

tinysvcmdns-project

CWE-476

NVD

Published: 2018-01-20

Updated: 2022-12-14

Summary

An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Tinysvcmdns_Project Tinysvcmdns Project Tinysvcmdns 2017-11-05	1

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Talos

id	TALOS-2017-0486
last seen	2019-05-29
published	2018-01-17
reporter	Talos Intelligence
source	http://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0486
title	Tinysvcmdns Multi-label DNS mdns_parse_qn Denial Of Service Vulnerability

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Talos

References