CVE-2017-12130

Summary

An exploitable NULL pointer dereference vulnerability exists in the tinysvcmdns library version 2017-11-05. A specially crafted packet can make the library dereference a NULL pointer leading to a server crash and denial of service. An attacker needs to send a DNS query to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
TalosTinysvcmdnstinysvcmdns 2017-11-05affected

Weaknesses

  • denial of service

ADP Enrichment

CVE Program Container

Additional References

References