A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-11-02
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-11-02
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-11-02
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-11-02
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-11-02
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-17
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.
CVSS Score
9.1
EPSS Score
0.016
Published
2017-05-01
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
CVSS Score
5.0
EPSS Score
0.753
Published
2011-02-22
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.
CVSS Score
5.0
EPSS Score
0.712
Published
2008-12-17
The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
CVSS Score
2.1
EPSS Score
0.001
Published
2007-06-22
Page 1