CVSS: 5.0EPSS: 7%CPEs: 45EXPL: 1CVE-2011-1002 – avahi: daemon infinite loop triggered by an empty UDP packet (CVE-2010-2244 fix regression)
https://notcve.org/view.php?id=CVE-2011-1002
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244. avahi-core/socket.c en avahi-daemon en Avahi antes de v0.6.29 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un paquete UDP (1) IPv4 o (2) IPv6 vacíos al puerto 5353. NOTA: esta vulnerabilidad existe debido a una corrección incorrecta del CVE-2010-2244. • http://avahi.org/ticket/325 http://git.0pointer.de/?p=avahi.git%3Ba=commit%3Bh=46109dfec75534fe270c0ab902576f685d5ab3a6 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html http://openwall.com/lists/oss-security/2011/02/18/1 http://openwall.com/lists/oss-security/2011/02/18/4 http://osvdb.org/70948 http://secunia.com/advisories/43361 http://secunia.com/advisories/43465 http:/& • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 4.3EPSS: 3%CPEs: 2EXPL: 0CVE-2010-2244 – avahi: assertion failure after receiving a packet with corrupted checksum
https://notcve.org/view.php?id=CVE-2010-2244
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081. La función AvahiDnsPacket en avahi-core/socket.c en avahi-daemon en Avahi v0.6.16 y v0.6.25 permite a atacantes remotos provocar una denegación de servicio (error de aserción y cuelgue del demonio) a través de un paquete DNS con una suma de comprobación no válida seguido por un paquete DNS con una suma de comprobación válida, una vulnerabilidad diferente de CVE-2008-5081. • http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043800.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/043820.html http://marc.info/?l=oss-security&m=127748459505200&w=2 http://www.debian.org/security/2010/dsa-2086 http://www.mandriva.com/security/advisories?name=MDVSA-2010:204 http://www.openwall.com/lists/oss-security/2010/06/23/4 http://www.securitytracker.com/id?1024200 https://bugzilla.redhat.com/show_bug.cgi?id=607293 https:/& •
CVSS: 5.0EPSS: 95%CPEs: 30EXPL: 1CVE-2008-5081 – Avahi < 0.6.24 - mDNS Daemon Remote Denial of Service
https://notcve.org/view.php?id=CVE-2008-5081
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure. La función originates_from_local_legacy_unicast_socket (avahi-core/server.c)en avahi-daemon en Avahi anterior a v0.6.24 permite a atacantes remotos producir una denegación de servicio (caída) a través de un paquete mDNS manipulado con un puerto de origen de 0, que dispara un fallo de evaluación. Avahi-daemon versions prior to 0.6.24 can be DoSd with an mDNS packet with a source port of 0. • https://www.exploit-db.com/exploits/7520 http://avahi.org/milestone/Avahi%200.6.24 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://secunia.com/advisories/33153 http://secunia.com/advisories/33220 http://secunia.com/advisories/33279 http://secunia.com/advisories/33475 http://security.gentoo.org/glsa/glsa-200901-11.xml http://www.debian.org/security/2008/dsa-1690 http://www.openwall.com/lists/oss-security/2008/12/14/1 http://www • CWE-399: Resource Management Errors •
CVSS: 2.1EPSS: 2%CPEs: 1EXPL: 0CVE-2007-3372
https://notcve.org/view.php?id=CVE-2007-3372
The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error. El demonio Avahi en Avahi versiones anteriores a 0.6.20 permite a atacantes provocar una denegación de servicio (salida) mediante datos TXT vacíos a través de D-Bus, que dispara un error de aserción. • http://avahi.org/changeset/1482 http://avahi.org/milestone/Avahi%200.6.20 http://osvdb.org/37507 http://secunia.com/advisories/25811 http://secunia.com/advisories/26083 http://secunia.com/advisories/26791 http://secunia.com/advisories/33220 http://secunia.com/advisories/33279 http://www.debian.org/security/2008/dsa-1690 http://www.mandriva.com/security/advisories?name=MDKSA-2007:185 http://www.novell.com/linux/security/advisories/2007_14_sr.html http://www.sec •
CVSS: 5.0EPSS: 12%CPEs: 9EXPL: 0CVE-2006-6870
https://notcve.org/view.php?id=CVE-2006-6870
The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. La función consume_labels en avahi-core/dns.c en Avahi before 0.6.16 permite a un atacante remoto provocar denegación de servicio (bucle infinito) a través de respuestas DNS comprimidas manipuladas con una etiqueta que apunta así misma. • http://fedoranews.org/cms/node/2362 http://fedoranews.org/cms/node/2408 http://secunia.com/advisories/23628 http://secunia.com/advisories/23644 http://secunia.com/advisories/23660 http://secunia.com/advisories/23673 http://secunia.com/advisories/23782 http://secunia.com/advisories/24995 http://www.avahi.org/#December2006 http://www.avahi.org/changeset/1340 http://www.avahi.org/ticket/84 http://www.mandriva.com/security/advisories?name=MDKSA-2007:003 http:// •