Heap-based buffer overflow in tinysvcmdns - CVE-2017-12087
Published: November 20, 2017 / Updated: November 21, 2017
Vulnerability identifier: #VU9381
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber
CVE-ID: CVE-2017-12087
CWE-ID: CWE-122
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: geekman
Affected software:
tinysvcmdns
tinysvcmdns
Detailed vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the tinysvcmdns library due to heap-based buffer overflow when processing of crafted DNS packets. A remote unauthenticated attacker can send a specially crafted DNS packets, make the library overwrite an arbitrary amount of data on the heap with attacker controlled values and execute arbitrary code with privileges of the current user.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
How to mitigate CVE-2017-12087
Cybersecurity Help is currently unaware of any solutions resolving the vulnerability.