rpm package
opensuse/avahi&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/avahi&distro=openSUSE%20Tumbleweed
Vulnerabilities (23)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2008-5081 | — | < 0.8-7.2 | 0.8-7.2 | Dec 17, 2008 | The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure. | ||
| CVE-2007-3372 | — | < 0.8-7.2 | 0.8-7.2 | Jun 22, 2007 | The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error. | ||
| CVE-2006-5461 | — | < 0.8-7.2 | 0.8-7.2 | Nov 14, 2006 | Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi. |
- CVE-2008-5081Dec 17, 2008affected < 0.8-7.2fixed 0.8-7.2
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.
- CVE-2007-3372Jun 22, 2007affected < 0.8-7.2fixed 0.8-7.2
The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
- CVE-2006-5461Nov 14, 2006affected < 0.8-7.2fixed 0.8-7.2
Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.
Page 2 of 2