CVE-2020-6071

7.5 HIGH

📋 TL;DR

CVE-2020-6071 is a denial-of-service vulnerability in Videolabs libmicrodns 0.1.0 where improper handling of compressed labels in mDNS messages allows an attacker to cause infinite recursion and crash the service. This affects any system or application using the vulnerable libmicrodns library for multicast DNS functionality.

💻 Affected Systems

Products:
  • Videolabs libmicrodns
Versions: Version 0.1.0 only
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems using libmicrodns 0.1.0. Applications must be actively using mDNS functionality to be vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete service disruption of mDNS functionality, potentially affecting service discovery, device connectivity, and network operations that rely on mDNS.

🟠 Likely Case

Targeted mDNS service crashes requiring restart, causing temporary service disruption for affected applications.

🟢 If Mitigated

Minimal impact with proper network segmentation and updated software.

🌐 Internet-Facing: MEDIUM - Requires mDNS to be exposed to untrusted networks, which is uncommon but possible in some configurations.
🏢 Internal Only: MEDIUM - Internal attackers or compromised devices could exploit this to disrupt local service discovery.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted mDNS packets to the vulnerable service. The vulnerability is well-documented with technical details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 0.2.0 and later

Vendor Advisory: https://github.com/videolabs/libmicrodns/releases

Restart Required: Yes

Instructions:

1. Update libmicrodns to version 0.2.0 or later.
2. Rebuild any applications using libmicrodns.
3. Restart affected services.

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict mDNS traffic to trusted networks only

iptables -A INPUT -p udp --dport 5353 ! -s TRUSTED_NETWORK -j DROP

Disable mDNS

linux

Disable mDNS functionality if not required

systemctl stop avahi-daemon
systemctl disable avahi-daemon

🧯 If You Can't Patch

  • Implement strict network filtering to block mDNS traffic from untrusted sources
  • Monitor for mDNS service crashes and implement automated restart mechanisms

🔍 How to Verify

Check if Vulnerable:

Check libmicrodns version: dpkg -l | grep libmicrodns or rpm -qa | grep libmicrodns

Check Version:

pkg-config --modversion libmicrodns

Verify Fix Applied:

Verify version is 0.2.0 or later: microdns --version

📡 Detection & Monitoring

Log Indicators:

  • Service crashes of mDNS-related processes
  • Segmentation fault errors in system logs

Network Indicators:

  • Unusual mDNS traffic patterns
  • Multiple mDNS packets with compression pointers
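
Compression pointers are normal in mDNS traffic, so the useful signal is a name whose pointers never terminate. The following is an added example, not code from libmicrodns or its 0.2.0 fix: an iterative name validator that rejects any pointer that does not land before the current run of labels. The function name, result codes and sample messages are assumptions constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

enum { NAME_OK = 0, NAME_TRUNCATED = -1, NAME_BAD_POINTER = -2, NAME_BAD_LABEL = -3 };

/* Validate the DNS name at offset `off` in message `msg` (`len` bytes).
 * Iterative, so stack use is constant; each pointer must land before the
 * start of the run of labels that contains it, so the walk always ends. */
int name_check(const uint8_t *msg, size_t len, size_t off)
{
    size_t seg_start = off; /* where the current run of labels began */
    size_t total = 1;       /* expanded length, counting the final 0 byte */

    for (;;) {
        if (off >= len) return NAME_TRUNCATED;
        uint8_t b = msg[off];
        if (b == 0) return NAME_OK;               /* root label ends the name */
        if ((b & 0xC0) == 0xC0) {                 /* RFC 1035 compression pointer */
            if (off + 1 >= len) return NAME_TRUNCATED;
            size_t target = ((size_t)(b & 0x3F) << 8) | msg[off + 1];
            if (target >= seg_start) return NAME_BAD_POINTER; /* self, forward or cyclic */
            seg_start = off = target;
            continue;
        }
        if (b & 0xC0) return NAME_BAD_LABEL;      /* 0x40 and 0x80 are reserved */
        total += (size_t)b + 1;
        if (total > 255) return NAME_BAD_LABEL;   /* RFC 1035 name length limit */
        if (off + 1 + b > len) return NAME_TRUNCATED;
        off += 1 + (size_t)b;
    }
}

#define HDR 0,0,0,0, 0,0,0,0, 0,0,0,0 /* 12-byte DNS header, contents irrelevant here */
/* Constructed sample messages; names start at offset 12. */
static const uint8_t msg_ok[]   = { HDR, 5,'l','o','c','a','l',0, 4,'_','s','v','c', 0xC0,12 };
static const uint8_t msg_self[] = { HDR, 0xC0,12 };          /* pointer to itself */
static const uint8_t msg_pair[] = { HDR, 0xC0,14, 0xC0,12 }; /* two pointers, each to the other */
static const uint8_t msg_back[] = { HDR, 1,'a', 0xC0,12 };   /* label, then pointer back to it */

int main(void)
{
    int bad = name_check(msg_ok, sizeof msg_ok, 19) != NAME_OK;
    bad |= name_check(msg_self, sizeof msg_self, 12) != NAME_BAD_POINTER;
    bad |= name_check(msg_pair, sizeof msg_pair, 14) != NAME_BAD_POINTER;
    bad |= name_check(msg_back, sizeof msg_back, 12) != NAME_BAD_POINTER;
    return bad; /* 0 when every sample is classified as expected */
}
```

The same check can run in a capture-processing tool or packet filter ahead of a vulnerable consumer, since it needs only the raw UDP payload and the offset of each name.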

SIEM Query:

source="systemd" AND "segmentation fault" AND ("microdns" OR "avahi")
