Avahi

Avahi

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2021-26720

  • EPSS 0.03%
  • Veröffentlicht 17.02.2021 22:15:12
  • Zuletzt bearbeitet 21.11.2024 05:56:44

avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files unde...

9.1

CVE-2017-6519

Exploit
  • EPSS 1.69%
  • Veröffentlicht 01.05.2017 01:59:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leaka...

5

CVE-2011-1002

Exploit
  • EPSS 73.49%
  • Veröffentlicht 22.02.2011 19:00:02
  • Zuletzt bearbeitet 11.04.2025 00:51:21

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect f...

4.3

CVE-2010-2244

  • EPSS 1.3%
  • Veröffentlicht 08.07.2010 12:54:47
  • Zuletzt bearbeitet 11.04.2025 00:51:21

The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet ...

5

CVE-2008-5081

  • EPSS 71.17%
  • Veröffentlicht 17.12.2008 02:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an as...

2.1

CVE-2007-3372

  • EPSS 0.1%
  • Veröffentlicht 22.06.2007 21:30:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.

5

CVE-2006-6870

  • EPSS 4.63%
  • Veröffentlicht 31.12.2006 05:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.

2.1

CVE-2006-5461

  • EPSS 0.08%
  • Veröffentlicht 14.11.2006 22:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.

3.6

CVE-2006-2288

  • EPSS 0.07%
  • Veröffentlicht 10.05.2006 02:14:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts.

2.1

CVE-2006-2289

  • EPSS 0.12%
  • Veröffentlicht 10.05.2006 02:14:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors.