20180116

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

tinysvcmdns-project

CWE-125

critical

NVD

Published: 2019-03-13

Updated: 2019-03-15

Summary

In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompress_nlabel in mdns.c and a crash of the server (depending on the memory protection of the CPU and the operating system), or disclosure of memory content via error messages or a server response. NOTE: the product's web site states "This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products."

Vulnerable Configurations

Part	Description	Count
Application	Tinysvcmdns_Project Tinysvcmdns Project Tinysvcmdns 2016-07-18 Tinysvcmdns Project Tinysvcmdns 2017-11-05 Tinysvcmdns Project Tinysvcmdns 2018-01-16	3

Common Weakness Enumeration (CWE)

CWE-125 - Out-of-bounds Read

Common Attack Pattern Enumeration and Classification (CAPEC)

Overread Buffers
An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

References

https://bitbucket.org/geekman/tinysvcmdns/issues/10/arbitrary-memory-read-while-parsing