CVE-2020-6080

critical

Published — · Modified —

CVSS v3

—

CVSS v2

—

VIR risk

9.5

Description

An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6].

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2020-6080

vendor Authored 2026-05-27

Vendor advisory: arch — https://security.archlinux.org/ASA-202004-24

OS impact

OS	Version	Status	Fixed in
arch		fixed	`0.1.2-1`
debian	forky	fixed	`0.2.0-1`
debian	sid	fixed	`0.2.0-1`
debian	trixie	fixed	`0.2.0-1`
debian	bookworm	fixed	`3.0.8-4`
debian	bullseye	fixed	`3.0.8-4`

References

Verify integrity in audit chain (admin only). AS-IS.