Wednesday, January 17, 2018

Vulnerability Spotlight: Tinysvcmdns Multi-label DNS DoS Vulnerability


Talos is disclosing a single NULL pointer dereference vulnerability in the tinysvcmdns library. Tinysvcmdns is a tiny MDNS responder implementation for publishing services. This is essentially a mini and embedded version of Avahi or Bonjour. 


Discovered by Claudio Bozzato, Yves Younan, Lilith Wyatt, and Aleksandar Nikolic of Cisco Talos.

TALOS-2017-0486 / CVE-2017-12130 is a NULL pointer dereference vulnerability in the tinysvcmdns library. The vulnerability lies in the way that tinysvcmdns parses labels in DNS requests. This issue results in a NULL pointer, which when dereferenced results in a denial of service. An attacker could trigger this vulnerability by sending a specially crafted DNS query. Full details of the vulnerability are available here.


The following Snort rules will detect exploitation attempts. Note that additional rules may be released at a future date, and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or

Snort Rule: 44986

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.