Vulnerability Details CVE-2017-6519
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.016
EPSS Ranking 81.0%
CVSS Severity
CVSS v3 Score 9.1
CVSS v2 Score 6.4
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1426712
- https://github.com/lathiat/avahi/issues/203
- https://github.com/lathiat/avahi/issues/203#issuecomment-449536790
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
- https://usn.ubuntu.com/3876-1/
- https://usn.ubuntu.com/3876-2/
- https://www.secfu.net/advisories
- https://bugzilla.redhat.com/show_bug.cgi?id=1426712
- https://github.com/lathiat/avahi/issues/203
- https://github.com/lathiat/avahi/issues/203#issuecomment-449536790
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
- https://usn.ubuntu.com/3876-1/
- https://usn.ubuntu.com/3876-2/
- https://www.secfu.net/advisories
Products affected by CVE-2017-6519
-
cpe:2.3:a:avahi:avahi:0.1
-
cpe:2.3:a:avahi:avahi:0.2
-
cpe:2.3:a:avahi:avahi:0.3
-
cpe:2.3:a:avahi:avahi:0.4
-
cpe:2.3:a:avahi:avahi:0.5
-
cpe:2.3:a:avahi:avahi:0.5.1
-
cpe:2.3:a:avahi:avahi:0.5.2
-
cpe:2.3:a:avahi:avahi:0.6
-
cpe:2.3:a:avahi:avahi:0.6.1
-
cpe:2.3:a:avahi:avahi:0.6.10
-
cpe:2.3:a:avahi:avahi:0.6.11
-
cpe:2.3:a:avahi:avahi:0.6.12
-
cpe:2.3:a:avahi:avahi:0.6.13
-
cpe:2.3:a:avahi:avahi:0.6.14
-
cpe:2.3:a:avahi:avahi:0.6.15
-
cpe:2.3:a:avahi:avahi:0.6.16
-
cpe:2.3:a:avahi:avahi:0.6.17
-
cpe:2.3:a:avahi:avahi:0.6.18
-
cpe:2.3:a:avahi:avahi:0.6.19
-
cpe:2.3:a:avahi:avahi:0.6.2
-
cpe:2.3:a:avahi:avahi:0.6.20
-
cpe:2.3:a:avahi:avahi:0.6.21
-
cpe:2.3:a:avahi:avahi:0.6.22
-
cpe:2.3:a:avahi:avahi:0.6.23
-
cpe:2.3:a:avahi:avahi:0.6.24
-
cpe:2.3:a:avahi:avahi:0.6.25
-
cpe:2.3:a:avahi:avahi:0.6.26
-
cpe:2.3:a:avahi:avahi:0.6.27
-
cpe:2.3:a:avahi:avahi:0.6.28
-
cpe:2.3:a:avahi:avahi:0.6.29
-
cpe:2.3:a:avahi:avahi:0.6.3
-
cpe:2.3:a:avahi:avahi:0.6.30
-
cpe:2.3:a:avahi:avahi:0.6.31
-
cpe:2.3:a:avahi:avahi:0.6.32
-
cpe:2.3:a:avahi:avahi:0.6.4
-
cpe:2.3:a:avahi:avahi:0.6.5
-
cpe:2.3:a:avahi:avahi:0.6.6
-
cpe:2.3:a:avahi:avahi:0.6.7
-
cpe:2.3:a:avahi:avahi:0.6.8
-
cpe:2.3:a:avahi:avahi:0.6.9
-
cpe:2.3:a:avahi:avahi:0.7
-
cpe:2.3:o:canonical:ubuntu_linux:12.04
-
cpe:2.3:o:canonical:ubuntu_linux:14.04
-
cpe:2.3:o:canonical:ubuntu_linux:16.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.04
-
cpe:2.3:o:canonical:ubuntu_linux:18.10