Denial of Service Vulnerability in Avahi by Lacking Input Validation
CVE-2006-6870

Currently unrated

Key Information:

Vendor: Avahi
Status: Avahi
Vendor: CVE Published:; 31 December 2006

What is CVE-2006-6870?

A vulnerability exists in the consume_labels function within the avahi-core/dns.c file of Avahi versions prior to 0.6.16. This flaw allows remote attackers to trigger a denial of service condition by sending a specially crafted compressed DNS response containing a label that recursively points to itself. This results in an infinite loop, causing the service to become unresponsive, which can compromise system functionality.

References

http://secunia.com/advisories/23673

third-party-advisoryx_refsource_SECUNIA

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRIVA

http://www.avahi.org/#December2006

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jan 4, 2007
Vulnerability published
Dec 31, 2006

JSON