A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
Max CVSS
6.2
EPSS Score
0.04%
Published
2023-11-02
Updated
2023-11-09
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
Max CVSS
6.2
EPSS Score
0.04%
Published
2023-11-02
Updated
2023-11-09
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
Max CVSS
6.2
EPSS Score
0.04%
Published
2023-11-02
Updated
2023-11-09
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
Max CVSS
6.2
EPSS Score
0.04%
Published
2023-11-02
Updated
2023-11-09
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
Max CVSS
6.2
EPSS Score
0.04%
Published
2023-11-02
Updated
2023-11-09
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.
Max CVSS
7.8
EPSS Score
0.04%
Published
2021-02-17
Updated
2022-12-06
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.
Max CVSS
9.1
EPSS Score
4.77%
Published
2017-05-01
Updated
2020-07-29
The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.
Max CVSS
7.8
EPSS Score
3.26%
Published
2009-03-03
Updated
2010-08-12
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!