Denial of Service Vulnerability in Avahi Daemon by Avahi
CVE-2008-5081

Currently unrated

Key Information:

Vendor: Avahi
Status: Avahi
Vendor: CVE Published:; 17 December 2008

What is CVE-2008-5081?

A vulnerability exists in the Avahi Daemon (versions prior to 0.6.24) where an attacker can craft a malicious mDNS packet with a source port of 0. When this packet is processed, it triggers an assertion failure in the originates_from_local_legacy_unicast_socket function found in avahi-core/server.c, leading to a crash of the service. This allows remote attackers to disrupt service availability, impacting any applications relying on the Avahi Daemon for network service discovery.

References

http://secunia.com/advisories/33220

third-party-advisoryx_refsource_SECUNIA

http://www.openwall.com/lists/oss-security/2008/12/14/1

mailing-listx_refsource_MLIST

http://lists.opensuse.org/opensuse-security-announce/2009...

vendor-advisoryx_refsource_SUSE

EPSS Score

75% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2008
Vulnerability Reserved
Nov 14, 2008

JSON