Vulnerabilities > CVE-2017-12130 - NULL Pointer Dereference vulnerability in Tinysvcmdns Project Tinysvcmdns 20171105

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
tinysvcmdns-project
CWE-476

Summary

An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability.

Vulnerable Configurations

Part Description Count
Application
Tinysvcmdns_Project
1

Common Weakness Enumeration (CWE)

Talos

idTALOS-2017-0486
last seen2019-05-29
published2018-01-17
reporterTalos Intelligence
sourcehttp://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0486
titleTinysvcmdns Multi-label DNS mdns_parse_qn Denial Of Service Vulnerability