CVE-2011-1002

Avahi < 0.6.28 - Infinite Loop

Title source: rule
STIX 2.1

Description

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

References (31)

Core 31
Core References
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0779.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65525
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/02/22/9
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-0436.html
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0511
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/02/18/1
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43605
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43465
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43673
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0601
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=667187
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0969
Not Applicable vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65524
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/44131
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:040
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46446
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:037
Broken Link, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0448
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-04/msg00000.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2174
Broken Link, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0499
Broken Link vdb-entry x_refsource_osvdb
http://osvdb.org/70948
Broken Link, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43361
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0670
Broken Link x_refsource_confirm
http://avahi.org/ticket/325
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055858.html
Broken Link vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0565
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-1084-1
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2011/02/18/4

Scores

EPSS 0.6813
EPSS Percentile 98.6%

Details

CWE
CWE-835
Status published
Products (45)
avahi/avahi 0.1
avahi/avahi 0.2
avahi/avahi 0.3
avahi/avahi 0.4
avahi/avahi 0.5
avahi/avahi 0.5.1
avahi/avahi 0.5.2
avahi/avahi 0.6.1
avahi/avahi 0.6.2
avahi/avahi 0.6.3
... and 35 more
Published Feb 22, 2011
Tracked Since Feb 18, 2026