Vulnerability in tinysvcmdns (TALOS-2017-0486)
Bug #1733690 reported by
Talos Security Advisory
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
shairport-sync (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
### Summary
An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability.
CVE References
information type: | Private Security → Public Security |
Changed in shairport-sync (Ubuntu): | |
status: | New → Confirmed |
To post a comment you must log in.
Thanks for reporting this issue. Has a CVE been assigned?
This appears to be related to issue /bitbucket. org/geekman/ tinysvcmdns/ issues/ 7/talos- security- advisory- for-tinysvcmdns
https:/
Please let me know if this is incorrect.
Versions of tinysvcmdns are incorporated in shairport-sync and clementine which are both community supported packages.