Avahi: Security Vulnerabilities, CVEs, CVSS score >= 6
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
Max CVSS: 6.2 | EPSS Score: 0.04% | Published: 2023-11-02 | Updated: 2023-11-09
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
Max CVSS: 6.2 | EPSS Score: 0.04% | Published: 2023-11-02 | Updated: 2023-11-09
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
Max CVSS: 6.2 | EPSS Score: 0.04% | Published: 2023-11-02 | Updated: 2023-11-09
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
Max CVSS: 6.2 | EPSS Score: 0.04% | Published: 2023-11-02 | Updated: 2023-11-09
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
Max CVSS: 6.2 | EPSS Score: 0.04% | Published: 2023-11-02 | Updated: 2023-11-09
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.
Max CVSS: 7.8 | EPSS Score: 0.04% | Published: 2021-02-17 | Updated: 2022-12-06
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.
Max CVSS: 9.1 | EPSS Score: 4.77% | Published: 2017-05-01 | Updated: 2020-07-29
The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.
Max CVSS: 7.8 | EPSS Score: 3.26% | Published: 2009-03-03 | Updated: 2010-08-12
8 vulnerabilities found