CVE-2009-0758

Published: Mar 3, 2009Modified: Apr 23, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.

Affected (1)

Products: Avahi: Avahi Daemon

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Avahi Avahi Daemon	Version 0.6.23

Related CWEs

References (14)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html

Source: cve@mitre.org

http://secunia.com/advisories/38420

Source: cve@mitre.org

http://www.debian.org/security/2010/dsa-2086

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2009:076

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2009/03/02/1

Source: cve@mitre.org

http://www.securityfocus.com/bid/33946

Source: cve@mitre.org

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517683

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/38420

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2010/dsa-2086

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:076

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2009/03/02/1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/33946

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.