CVE-2006-6870 — Improper Input Validation in Avahi

CWE-20 — Improper Input Validation10 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

5.9%

top 9.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Avahi Debian Avahi

Timeline

PublishedDec 31

Latest updateMay 1

Description

The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/avahi< avahi 0.6.16-1 (bookworm)

▶Debianavahi/avahi< 0.6.16-1+3

▶NVDavahi/avahi9 versions+8

Patches

Patch: www.avahi.org ↗Patch: www.avahi.org ↗Patch: www.avahi.org ↗

🔴Vulnerability Details

GHSA

GHSA-mc78-8grw-5ghv: The consume_labels function in avahi-core/dns↗2022-05-01

▶

OSV

CVE-2006-6870: The consume_labels function in avahi-core/dns↗2006-12-31

▶

📋Vendor Advisories

Ubuntu

Avahi vulnerability↗2007-01-05

▶

Debian

CVE-2006-6870: avahi - The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows re...↗2006

▶

📐Framework References

CWE

Improper Input Validation↗

▶

💬Community

Bugzilla

CVE-2006-6870 Maliciously crafted packed can DoS avahi daemon↗2007-01-07

▶

Bugzilla

CVE-2006-6870 Maliciously crafted packed can DoS avahi daemon↗2007-01-06

▶

Bugzilla

CVE-2006-6870 Maliciously crafted packed can DoS avahi daemon↗2007-01-04

▶

Bugzilla

CVE-2006-6870 Maliciously crafted packed can DoS avahi daemon↗2007-01-04

▶