VYPR

Avahi Daemon

by Avahi

Source repositories

CVEs (8)

  • CVE-2023-1981MedMay 26, 2023
    risk 0.36cvss 5.5epss 0.00

    A vulnerability was found in the avahi library. This flaw allows an unprivileged user to make a dbus call, causing the avahi daemon to crash.

  • CVE-2024-52616MedNov 21, 2024
    risk 0.35cvss 5.3epss 0.01

    A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs.

  • CVE-2024-52615MedNov 21, 2024
    risk 0.34cvss 5.3epss 0.01

    A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.

  • CVE-2008-5081Dec 17, 2008
    risk 0.08cvss epss 0.59

    The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.

  • CVE-2026-24401Jan 24, 2026
    risk 0.00cvss epss 0.00

    Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In versions 0.9rc2 and below, avahi-daemon can be crashed via a segmentation fault by sending an unsolicited mDNS response containing a recursive CNAME record, where the…

  • CVE-2025-68471Jan 12, 2026
    risk 0.00cvss epss 0.00

    Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart.

  • CVE-2010-2244Jul 8, 2010
    risk 0.00cvss epss 0.03

    The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a…

  • CVE-2009-0758Mar 3, 2009
    risk 0.00cvss epss 0.02

    The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network…