Avahi

Avahi

20 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2021-26720

  • EPSS 0.03%
  • Published 17.02.2021 22:15:12
  • Last modified 21.11.2024 05:56:44

avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files unde...

9.1

CVE-2017-6519

Exploit
  • EPSS 1.69%
  • Published 01.05.2017 01:59:00
  • Last modified 20.04.2025 01:37:25

avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leaka...

5

CVE-2011-1002

Exploit
  • EPSS 73.49%
  • Published 22.02.2011 19:00:02
  • Last modified 11.04.2025 00:51:21

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect f...

4.3

CVE-2010-2244

  • EPSS 1.3%
  • Published 08.07.2010 12:54:47
  • Last modified 11.04.2025 00:51:21

The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet ...

5

CVE-2008-5081

  • EPSS 71.17%
  • Published 17.12.2008 02:30:00
  • Last modified 09.04.2025 00:30:58

The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an as...

2.1

CVE-2007-3372

  • EPSS 0.1%
  • Published 22.06.2007 21:30:00
  • Last modified 09.04.2025 00:30:58

The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.

5

CVE-2006-6870

  • EPSS 4.63%
  • Published 31.12.2006 05:00:00
  • Last modified 09.04.2025 00:30:58

The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.

2.1

CVE-2006-5461

  • EPSS 0.08%
  • Published 14.11.2006 22:07:00
  • Last modified 09.04.2025 00:30:58

Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.

3.6

CVE-2006-2288

  • EPSS 0.07%
  • Published 10.05.2006 02:14:00
  • Last modified 03.04.2025 01:03:51

Avahi before 0.6.10 allows local users to cause a denial of service (mDNS/DNS-SD service disconnect) via unspecified mDNS name conflicts.

2.1

CVE-2006-2289

  • EPSS 0.12%
  • Published 10.05.2006 02:14:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors.