CVE-2010-2244: Infinite Loop in Avahi

Severity: 5.0 MEDIUM (NVD)
NVD 4.3 | OSV 4.3
EPSS: 0.9% (top 24.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Jul 8
Latest update: May 17

Description

The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081.

CVSS vector

AV:N/AC:M/C:N/I:N/A:P
Exploitability: 8.6 | Impact: 2.9

Affected Packages (3 packages)

debian: debian/avahi < avahi 0.6.26-1 (bookworm) +1
Debian: avahi/avahi < 0.6.26-1 +7
NVD: avahi/avahi 0.6.28 +34

Also affects: Debian Linux 5.0, 6.0, 7.0, Fedora 15, Ubuntu Linux 10.04, 10.10, 8.04, 9.10, Enterprise Linux 5.0, 6.0

🔴 Vulnerability Details (4)

GHSA
GHSA-mqr3-725g-5qgw: avahi-core/socket (2022-05-17)
GHSA
GHSA-vxxg-j26r-33g8: The AvahiDnsPacket function in avahi-core/socket (2022-05-17)
OSV
CVE-2011-1002: avahi-core/socket (2011-02-22)
OSV
CVE-2010-2244: The AvahiDnsPacket function in avahi-core/socket (2010-07-08)

📋 Vendor Advisories (6)

Red Hat
avahi: daemon infinite loop triggered by an empty UDP packet (CVE-2010-2244 fix regression) (2011-01-04)
Red Hat
avahi: daemon infinite loop triggered by an empty UDP packet (CVE-2010-2244 fix regression) (2011-01-04)
Debian
CVE-2011-1002: avahi - avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attacke... (2011)
Ubuntu
Avahi vulnerabilities (2010-09-29)
Red Hat
avahi: assertion failure after receiving a packet with corrupted checksum (2010-06-23)

💬 Community (2)

Bugzilla
CVE-2011-1002 avahi: avahi daemon remote DoS by sending NULL UDP (due incorrect CVE-2010-2244 fix) [fedora-all] (2011-02-23)
Bugzilla
CVE-2010-2244 avahi: assertion failure after receiving a packet with corrupted checksum (2010-06-23)