Executive Summary
Summary | |
---|---|
Title | vlc security update |
Information | |||
---|---|---|---|
Name | DSA-4671 | First vendor Publication | 2020-04-30 |
Vendor | Debian | Last vendor Modification | 2020-04-30 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | |||
---|---|---|---|
Overall CVSS Score | 9.8 | ||
Base Score | 9.8 | Environmental Score | 9.8 |
Impact Sub Score | 5.9 | Temporal Score | 9.8 |
Exploitability Sub Score | 3.9 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | High |
Integrity Impact | High | Availability Impact | High |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Multiple security issues were discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets.

For the oldstable distribution (stretch), these problems have been fixed in version 3.0.10-0+deb9u1. This update disables the microdns plugin.

For the stable distribution (buster), these problems have been fixed in version 3.0.10-0+deb10u1. This update disables the microdns plugin.

We recommend that you upgrade your vlc packages.

For the detailed security status of vlc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/vlc
Original Source
Url : http://www.debian.org/security/2020/dsa-4671 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
29 % | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') |
14 % | CWE-674 | Uncontrolled Recursion |
14 % | CWE-415 | Double Free |
14 % | CWE-252 | Unchecked Return Value |
14 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
14 % | CWE-125 | Out-of-bounds Read |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 1 |
Os | | 2 |
Snort® IPS/IDS
Date | Description |
---|---|
2020-12-05 | TRUFFLEHUNTER TALOS-2020-1002 attack attempt RuleID : 53103 - Revision : 1 - Type : SERVER-OTHER |
2020-12-05 | TRUFFLEHUNTER TALOS-2020-1002 attack attempt RuleID : 53102 - Revision : 1 - Type : SERVER-OTHER |
2020-12-05 | TRUFFLEHUNTER TALOS-2020-1000 attack attempt RuleID : 53099 - Revision : 1 - Type : SERVER-OTHER |
2020-12-05 | TRUFFLEHUNTER TALOS-2020-0996 attack attempt RuleID : 53071 - Revision : 1 - Type : SERVER-OTHER |
2020-12-05 | TRUFFLEHUNTER TALOS-2020-1001 attack attempt RuleID : 53046 - Revision : 1 - Type : PROTOCOL-DNS |
2020-12-05 | TRUFFLEHUNTER TALOS-2018-0671 attack attempt RuleID : 47811 - Revision : 3 - Type : PROTOCOL-DNS |
Alert History
Date | Information |
---|---|
2020-05-23 13:03:43 | |
2020-05-01 00:18:48 | |