CVE-2020-6080: 
NixOS vulnerability analysis and mitigation

CVE-2020-6080 is a denial-of-service vulnerability discovered in Videolabs libmicrodns version 0.1.0. The vulnerability exists in the resource allocation handling of the library, specifically when encountering errors while parsing mDNS messages. When the RR type is 0x10, the function rr_read_TXT is called, and due to improper memory handling, some allocated data is not freed, potentially leading to a denial-of-service condition via resource exhaustion (Talos Intelligence).

The vulnerability occurs in the rr_read_TXT function when parsing TXT records. The function expects to extract variable-length strings from the RDATA section. It extracts a length at position 0 and copies the data into text->txt after allocating space for it. During parsing, if the condition at *n < l is met, the function returns NULL without first freeing the allocated text structures. This means that any TXT answer with more than one string in the RDATA section, containing an invalid string length at the end, would trigger this condition, causing a resource leak (Talos Intelligence).

The vulnerability allows an attacker to exploit this behavior by sending multiple TXT answers, which can lead to excessive memory consumption due to memory leaks. This can ultimately result in resource exhaustion and cause a denial of service condition (Talos Intelligence).

The vulnerability was patched in libmicrodns version 0.1.2. Users are advised to upgrade to this version or later to address the security issue. For Debian systems, the issue was addressed by disabling the microdns plugin in VLC media player (Debian Security).