Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5081: Reachable Assertion in Avahi

CWE-399 | 15 documents | 9 sources
Severity
5.0 MEDIUM NVD
NVD 4.3
EPSS
77.1%
top 1.03%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Dec 17
Latest update: May 17

Description

The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (3 packages)

debian | debian/avahi | < avahi 0.6.26-1 (bookworm) | +1
Debian | avahi/avahi | < 0.6.26-1 | +7
NVD | avahi/avahi | 0.6.23 | +30

🔴 Vulnerability Details

4
GHSA
GHSA-vxxg-j26r-33g8: The AvahiDnsPacket function in avahi-core/socket | 2022-05-17
GHSA
GHSA-r2cw-w385-f36j: The originates_from_local_legacy_unicast_socket function (avahi-core/server | 2022-05-17
OSV
CVE-2010-2244: The AvahiDnsPacket function in avahi-core/socket | 2010-07-08
OSV
CVE-2008-5081: The originates_from_local_legacy_unicast_socket function (avahi-core/server | 2008-12-17

💥 Exploits & PoCs

2
Exploit-DB
Avahi < 0.6.24 - mDNS Daemon Remote Denial of Service | 2008-12-19
Metasploit
Avahi Source Port 0 DoS

📋 Vendor Advisories

5
Red Hat
avahi: assertion failure after receiving a packet with corrupted checksum | 2010-06-23
Debian
CVE-2010-2244: avahi - The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.... | 2010
Ubuntu
Avahi vulnerabilities | 2008-12-18
Red Hat
avahi: avahi-daemon DoS (application abort) via packet with source port 0 | 2008-12-12
Debian
CVE-2008-5081: avahi - The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) i... | 2008

💬 Community

2
Bugzilla
CVE-2010-2244 avahi: assertion failure after receiving a packet with corrupted checksum | 2010-06-23
Bugzilla
CVE-2008-5081 avahi: avahi-daemon DoS (application abort) via packet with source port 0 | 2008-12-11