CVE-2011-1002 — Infinite Loop in Avahi

CWE-835 — Infinite Loop10 documents9 sources

Severity

5.0MEDIUMNVD

OSV4.3

EPSS

68.8%

top 1.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Avahi Debian Avahi Canonical Ubuntu Linux +3 more

Timeline

PublishedFeb 22

Latest updateMay 17

Description

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/avahi< avahi 0.6.28-4 (bookworm)

▶Debianavahi/avahi< 0.6.28-4+3

▶NVDavahi/avahi0.6.28+34

Also affects: Debian Linux 5.0, 6.0, 7.0, Fedora 15, Ubuntu Linux 10.04, 10.10, 8.04, 9.10, Enterprise Linux 5.0, 6.0

🔴Vulnerability Details

GHSA

GHSA-mqr3-725g-5qgw: avahi-core/socket↗2022-05-17

▶

OSV

CVE-2011-1002: avahi-core/socket↗2011-02-22

▶

📋Vendor Advisories

Ubuntu

avahi vulnerability↗2011-03-07

▶

Red Hat

avahi: daemon infinite loop triggered by an empty UDP packet (CVE-2010-2244 fix regression)↗2011-01-04

▶

Debian

CVE-2011-1002: avahi - avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attacke...↗2011

▶

🕵️Threat Intelligence

Recorded Future

Top 16 Nmap Commands: Nmap Port Scan Cheat Sheet↗

▶

Recorded Future

Top 16 Nmap Commands: Nmap Port Scan Cheat Sheet↗

▶

📐Framework References

CWE

Loop with Unreachable Exit Condition ('Infinite Loop')↗

▶

💬Community

Bugzilla

CVE-2011-1002 avahi: avahi daemon remote DoS by sending NULL UDP (due incorrect CVE-2010-2244 fix) [fedora-all]↗2011-02-23

▶