Vulnerability Details : CVE-2007-3372
The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2007-3372
Probability of exploitation activity in the next 30 days: 0.07%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 29 %
CVSS scores for CVE-2007-3372
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P | 3.9 | 2.9 | NIST |
Vendor statements for CVE-2007-3372
- Red Hat 2009-01-08: Not vulnerable. This issue did not affect the versions of avahi as shipped with Red Hat Enterprise Linux 5.
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35036
- http://www.vupen.com/english/advisories/2007/2317
- http://avahi.org/changeset/1482
- http://avahi.org/milestone/Avahi%200.6.20 (Patch)
- http://www.securityfocus.com/archive/1/472443/100/0/threaded
- http://www.ubuntu.com/usn/usn-696-1
- http://www.debian.org/security/2008/dsa-1690
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:185
- http://www.securityfocus.com/bid/24614
- http://www.securitytracker.com/id?1018706
- http://www.novell.com/linux/security/advisories/2007_14_sr.html
- cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*