cbcvebase.
CVE-2011-1002
published 2011-02-22

CVE-2011-1002: avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or…

PriorityP431medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
29.36%
97.9th percentile
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

Affected

50 ranges· showing 25
VendorProductVersion rangeFixed in
avahiavahi<= 0.6.28
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi
avahiavahi

Detection & IOCsextracted from sources · hover to see the quote

port5353/udp
pathavahi-core/socket.c
  • Detect empty mDNS UDP packets (zero-length payload) sent to port 5353 on both IPv4 and IPv6 interfaces, which trigger the infinite loop in avahi-daemon
  • Monitor avahi-daemon process for CPU spin / hung state following receipt of UDP traffic on port 5353, indicative of the infinite loop condition
  • ·Vulnerability exists specifically because of an incorrect prior fix; systems patched for CVE-2010-2244 but running Avahi before 0.6.29 remain vulnerable
  • ·Both IPv4 and IPv6 mDNS listeners on port 5353/udp are affected attack surfaces

CVSS provenance

nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_debian4.3MEDIUM
vendor_redhat4.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.