Vulnerabilities > Avahi > Avahi > 0.6.6

DATE CVE VULNERABILITY TITLE RISK
2023-11-02 CVE-2023-38473 Reachable Assertion vulnerability in multiple products
A vulnerability was found in Avahi.
local
low complexity
avahi redhat CWE-617
5.5
5.5
2023-11-02 CVE-2023-38469 Reachable Assertion vulnerability in multiple products
A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.
local
low complexity
avahi redhat CWE-617
5.5
5.5
2023-11-02 CVE-2023-38470 Reachable Assertion vulnerability in multiple products
A vulnerability was found in Avahi.
local
low complexity
avahi redhat CWE-617
5.5
5.5
2023-11-02 CVE-2023-38471 Reachable Assertion vulnerability in multiple products
A vulnerability was found in Avahi.
local
low complexity
avahi redhat CWE-617
5.5
5.5
2023-11-02 CVE-2023-38472 Reachable Assertion vulnerability in multiple products
A vulnerability was found in Avahi.
local
low complexity
avahi redhat CWE-617
5.5
5.5
2021-06-02 CVE-2021-3468 Infinite Loop vulnerability in multiple products
A flaw was found in avahi in versions 0.6 up to 0.8.
local
low complexity
avahi debian CWE-835
5.5
5.5
2021-02-17 CVE-2021-26720 Link Following vulnerability in multiple products
avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon.
local
low complexity
avahi debian CWE-59
7.8
7.8
2017-05-01 CVE-2017-6519 Origin Validation Error vulnerability in multiple products
avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets.
network
low complexity
avahi canonical CWE-346
critical
 9.1
9.1
2008-12-17 CVE-2008-5081 Resource Management Errors vulnerability in Avahi
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.
network
low complexity
avahi CWE-399
5.0
5.0
2007-06-22 CVE-2007-3372 Denial Of Service vulnerability in Avahi Empty TXT Data
The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
local
low complexity
avahi
2.1
2.1