Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the function uncompress_nlabel goes into an infinite loop trying to analyze the packet with an mDNS query. As a result, the mDNS server hangs after receiving the malicious mDNS packet. NOTE: the product's web site states "This project is un-maintained, and has been since 2013. ... There are known vulnerabilities ... You are advised to NOT use this library for any new projects / products."
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
tinysvcmdns 输入验证错误漏洞
Vulnerability Description
tinysvcmdns是一个用于服务的组播DNS响应库。 tinysvcmdns 2018-01-16及之前版本中存在输入验证漏洞。攻击者可借助恶意制作的mDNS数据包利用该漏洞造成mDNS服务器挂起(无限循环)。
CVSS Information
N/A
Vulnerability Type
N/A