An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn’t check for proper ‘ ‘ termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24383
Reference (s):
- https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01
- https://www.kb.cert.org/vuls/id/815128