Your submission was sent successfully! Close

CVE-2017-12087

Published: 24 April 2018

An exploitable heap overflow vulnerability exists in the tinysvcmdns library version 2016-07-18. A specially crafted packet can make the library overwrite an arbitrary amount of data on the heap with attacker controlled values. An attacker needs send a dns packet to trigger this vulnerability.

Priority

Low

CVSS 3 base score: 9.8

Status

Package Release Status
shairport-sync
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable
(3.1.4-1)
cosmic Not vulnerable
(3.1.4-1)
precise Does not exist

trusty Does not exist

upstream
Released (3.1.4-1)
xenial Not vulnerable

zesty Ignored
(reached end-of-life)