CVSS: 7.5EPSS: 74%CPEs: 45EXPL: 1CVE-2011-1002 – avahi: daemon infinite loop triggered by an empty UDP packet (CVE-2010-2244 fix regression)
https://notcve.org/view.php?id=CVE-2011-1002
22 Feb 2011 — avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. avahi-core/socket.c en avahi-daemon en Avahi antes de v0.6.29 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un paquete UDP (1) IPv4 o (2) IPv6 vacíos al puerto 5353. NOTA: esta vulnerabilidad ex... • http://avahi.org/ticket/325 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2010-2244 – avahi: assertion failure after receiving a packet with corrupted checksum
https://notcve.org/view.php?id=CVE-2010-2244
07 Jul 2010 — The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081. La función AvahiDnsPacket en avahi-core/socket.c en avahi-daemon en Avahi v0.6.16 y v0.6.25 permite a atacantes remotos provocar una denegación de servicio (error de aserción y cuelgue del demo... • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html •
CVSS: 7.5EPSS: 71%CPEs: 30EXPL: 2CVE-2008-5081 – Avahi < 0.6.24 - mDNS Daemon Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-5081
17 Dec 2008 — The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure. La función originates_from_local_legacy_unicast_socket (avahi-core/server.c)en avahi-daemon en Avahi anterior a v0.6.24 permite a atacantes remotos producir una denegación de servicio (caída) a través de un paquete mDNS manipulado con un puerto ... • https://packetstorm.news/files/id/180498 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2007-3372
https://notcve.org/view.php?id=CVE-2007-3372
22 Jun 2007 — The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error. El demonio Avahi en Avahi versiones anteriores a 0.6.20 permite a atacantes provocar una denegación de servicio (salida) mediante datos TXT vacíos a través de D-Bus, que dispara un error de aserción. • http://avahi.org/changeset/1482 •
CVSS: 7.5EPSS: 3%CPEs: 9EXPL: 0CVE-2006-6870
https://notcve.org/view.php?id=CVE-2006-6870
31 Dec 2006 — The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. La función consume_labels en avahi-core/dns.c en Avahi before 0.6.16 permite a un atacante remoto provocar denegación de servicio (bucle infinito) a través de respuestas DNS comprimidas manipuladas con una etiqueta que apunta así misma. • http://fedoranews.org/cms/node/2362 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-5461
https://notcve.org/view.php?id=CVE-2006-5461
14 Nov 2006 — Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi. Avahi anterior a 0.6.15 no verifica la identidad del remitente de mensajes netlink para asegurar que provienen del núcleo en lugar que de otro proceso, lo cual permite a usuarios locales suplantar cambios de red en Avahi. • http://avahi.org/milestone/Avahi%200.6.15 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2006-2288
https://notcve.org/view.php?id=CVE-2006-2288
09 May 2006 — Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts. • http://0pointer.de/cgi-bin/viewcvs.cgi/%2Acheckout%2A/trunk/docs/NEWS?root=avahi •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2006-2289
https://notcve.org/view.php?id=CVE-2006-2289
09 May 2006 — Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors. • http://0pointer.de/cgi-bin/viewcvs.cgi/%2Acheckout%2A/trunk/docs/NEWS?root=avahi •