Denial of Service Vulnerability in Avahi Daemon Affects Multiple Versions
CVE-2017-6519

9.1 CRITICAL

Key Information:

Vendor: Avahi

Status
Vendor
CVE Published: 1 May 2017

What is CVE-2017-6519?

The avahi-daemon in Avahi through versions 0.6.32 and 0.7 is vulnerable because it incorrectly handles IPv6 unicast queries from off-link addresses. This flaw allows remote attackers to cause a denial of service via traffic amplification. The vulnerability could also lead to information leakage, enabling attackers to extract potentially sensitive data from the affected device through UDP packets on port 5353.

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
