CVE-2020-6072

9.8 CRITICAL

📋 TL;DR

CVE-2020-6072 is a critical double-free vulnerability in Videolabs libmicrodns 0.1.0 that allows remote code execution via specially crafted mDNS messages. Attackers can exploit this to execute arbitrary code on affected systems. Any system using the vulnerable libmicrodns library for mDNS functionality is at risk.

💻 Affected Systems

Products:
  • Videolabs libmicrodns
Versions: Version 0.1.0 only
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using libmicrodns 0.1.0 for mDNS functionality is vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise with attacker gaining root/administrator privileges and establishing persistent access.

🟠 Likely Case: Service disruption, data exfiltration, or lateral movement within the network.

🟢 If Mitigated: Denial of service or application crash if exploit fails.

🌐 Internet-Facing: HIGH - mDNS services are often exposed to local networks and potentially the internet.
🏢 Internal Only: HIGH - mDNS is commonly used in internal networks for service discovery.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending mDNS messages to the vulnerable service, which typically doesn't require authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: libmicrodns 0.2.0 or later

Vendor Advisory: https://github.com/videolabs/libmicrodns/releases

Restart Required: Yes

Instructions:

1. Update libmicrodns to version 0.2.0 or later.
2. Rebuild any applications using libmicrodns.
3. Restart affected services.

🔧 Temporary Workarounds

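Network Segmentation (Linux)

Block mDNS traffic (port 5353/udp) at network boundaries to prevent external exploitation. The rule below drops inbound mDNS on the host where it is applied.

iptables -A INPUT -p udp --dport 5353 -j DROP

Service Disablement (Linux)

Disable mDNS services if not required for functionality. avahi-daemon is a separate mDNS implementation, so an application that embeds libmicrodns runs its own mDNS code and needs its discovery feature disabled, or the application stopped, as well.

systemctl stop avahi-daemon
systemctl disable avahi-daemon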

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy intrusion detection systems to monitor for mDNS exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Confirm that the application links against libmicrodns, then verify whether the library version is 0.1.0:

ldd /path/to/application | grep microdns

Check Version:

pkg-config --modversion libmicrodns

Verify Fix Applied:

Verify libmicrodns version is 0.2.0 or later:

pkg-config --modversion libmicrodns
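
The version checks above can be scripted. The following is an added example, not part of the advisory or the libmicrodns project: it classifies a version string against the two versions this page names (0.1.0 affected, 0.2.0 or later fixed) and reports any other release as "unlisted". The function names are hypothetical, and trying the pkg-config module name "microdns" in addition to "libmicrodns" is an assumption.

```shell
#!/bin/sh
# Added example: classify a libmicrodns version against the versions
# named on this page. Function names are hypothetical.

# classify_libmicrodns VERSION
# Prints: vulnerable (exactly 0.1.0), fixed (0.2.0 or later),
# unlisted (any other release; the page does not classify it),
# unknown (not a dotted numeric version).
# Components beyond major.minor.patch are ignored.
classify_libmicrodns() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split "0.1.0" into $1=0 $2=1 $3=0
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    if [ "$major" -eq 0 ] && [ "$minor" -eq 1 ] && [ "$patch" -eq 0 ]; then
        echo vulnerable
    elif [ "$major" -gt 0 ] || [ "$minor" -ge 2 ]; then
        echo fixed
    else
        echo unlisted
    fi
}

# installed_libmicrodns_status
# Asks pkg-config for the installed development package's version.
# "libmicrodns" is the module name used on this page; "microdns" is
# tried too, on the assumption the .pc file may carry that name.
installed_libmicrodns_status() {
    command -v pkg-config >/dev/null 2>&1 || { echo "no-pkg-config"; return 0; }
    for mod in libmicrodns microdns; do
        if ver=$(pkg-config --modversion "$mod" 2>/dev/null); then
            echo "$mod $ver: $(classify_libmicrodns "$ver")"
            return 0
        fi
    done
    echo "not-found"
}

installed_libmicrodns_status
```

pkg-config reports the development package installed on the host; a copy of the library bundled with or statically linked into an application has to be checked separately.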

📡 Detection & Monitoring

Log Indicators:

  • Application crashes
  • Memory corruption errors in system logs
  • Unusual mDNS traffic patterns

Network Indicators:

  • Malformed mDNS packets
  • Unusual traffic to/from port 5353/udp
  • Exploit pattern detection in network traffic

SIEM Query:

(source_port=5353 OR dest_port=5353) AND protocol=udp AND payload_contains="compressed label"
