CVE-2020-6078
NixOS vulnerability analysis and mitigation

Overview

An exploitable denial-of-service vulnerability exists in the mDNS message-parsing functionality of Videolabs libmicrodns 0.1.0. The vulnerability was discovered in March 2020. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked. This leads to the use of an uninitialized variable and eventually to a null pointer dereference that crashes the service (Talos Report).

Technical details

The vulnerability occurs in the mdns_listen_probe_network function, which handles data structures for receiving mDNS messages. The function declares an mdns_hdr structure to store the header of the last mDNS message processed and calls mdns_recv to fill this structure. The critical issue is that the return value of the mdns_read_header function is not checked after it is called. Because the contents of the hdr structure are not reset between calls to mdns_recv, this leads to accessing uninitialized data. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (HIGH) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H (Talos Report).
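The pattern described above, as an added illustration that is not libmicrodns source code: a header parser whose return value is discarded next to a hardened receive path that resets the header and propagates the error. All names (demo_hdr, demo_read_header, demo_recv_unchecked, demo_recv_checked), the struct layout and the sample bytes are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct demo_hdr { uint16_t id, flags, num_qn, num_ans_rr; }; /* hypothetical layout */

/* Parse an 8-byte big-endian header. Short input: return -1, *h untouched. */
static int demo_read_header(const uint8_t *b, size_t len, struct demo_hdr *h)
{
    if (len < 8)
        return -1;
    h->id         = (uint16_t)(b[0] << 8 | b[1]);
    h->flags      = (uint16_t)(b[2] << 8 | b[3]);
    h->num_qn     = (uint16_t)(b[4] << 8 | b[5]);
    h->num_ans_rr = (uint16_t)(b[6] << 8 | b[7]);
    return 0;
}

/* Flawed pattern: result discarded; after a short datagram *h keeps old fields. */
static int demo_recv_unchecked(const uint8_t *b, size_t len, struct demo_hdr *h)
{
    (void)demo_read_header(b, len, h);
    return 0; /* caller is told the header is valid */
}

/* Hardened pattern: reset the caller's header, then propagate the failure. */
static int demo_recv_checked(const uint8_t *b, size_t len, struct demo_hdr *h)
{
    memset(h, 0, sizeof *h);
    return demo_read_header(b, len, h);
}

/* Constructed sample input: a well-formed header, then a truncated datagram. */
static const uint8_t demo_good[]  = {0x00, 0x01, 0x84, 0x00, 0x00, 0x00, 0x00, 0x02};
static const uint8_t demo_short[] = {0x00, 0x02, 0x00};

/* Record count a caller would act on after the truncated datagram (0 = none). */
static unsigned demo_count_after_short(int (*rx)(const uint8_t *, size_t, struct demo_hdr *))
{
    struct demo_hdr h = {0};
    if (rx(demo_good, sizeof demo_good, &h) < 0 || rx(demo_short, sizeof demo_short, &h) < 0)
        return 0;
    return h.num_ans_rr;
}

int main(void)
{
    printf("unchecked: %u stale records, checked: %u\n",
           demo_count_after_short(demo_recv_unchecked), demo_count_after_short(demo_recv_checked));
    return 0;
}
```

With the unchecked path the caller would go on to process two answer records that the truncated datagram never contained; the checked path surfaces the parse failure and leaves a zeroed header.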

Impact

When successfully exploited, this vulnerability leads to a denial-of-service condition through a service crash. An attacker can send a series of mDNS messages that trigger a null pointer dereference, disrupting the service (NVD).

Mitigation and workarounds

The vulnerability was patched by the vendor on March 20, 2020. Users should upgrade to a version newer than 0.1.0. For systems that cannot be immediately updated, Debian implemented a temporary mitigation by disabling the microdns plugin in their security update (Debian Advisory, Gentoo Advisory).

This report was generated using AI
