Vulnerabilities > Avahi

DATE CVE VULNERABILITY TITLE RISK
2010-07-08 CVE-2010-2244 Unspecified vulnerability in Avahi 0.6.16/0.6.25
The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081.
network
avahi
4.3
2009-03-03 CVE-2009-0758 Resource Management Errors vulnerability in Avahi Avahi-Daemon 0.6.23
The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.
network
low complexity
avahi CWE-399
7.8
2008-12-17 CVE-2008-5081 Resource Management Errors vulnerability in Avahi
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.
network
low complexity
avahi CWE-399
5.0
2007-06-22 CVE-2007-3372 Denial Of Service vulnerability in Avahi Empty TXT Data
The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
local
low complexity
avahi
2.1
2006-12-31 CVE-2006-6870 Denial Of Service vulnerability in Avahi Compressed DNS
The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.
network
low complexity
avahi
5.0
2006-11-14 CVE-2006-5461 Unspecified vulnerability in Avahi
Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.
local
low complexity
avahi
2.1