Origin Validation Error in avahi

Do your applications use this vulnerable package? Test your applications

Overview

avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.

References

CVE Details
Debian Security Tracker
GitHub Issue
GitHub Issue
MISC
MLIST
RedHat Bugzilla Bug
Ubuntu CVE Tracker
Ubuntu Security Advisory
Ubuntu Security Advisory

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

None
Availability

High

CVE: CVE-2017-6519
CWE: CWE-346
Snyk ID: SNYK-DEBIAN10-AVAHI-330424
Disclosed: 01 May, 2017
Published: 01 May, 2017

Origin Validation Error
Affecting avahi package, versions *

Overview

References

CVSS Score

Origin Validation Error Affecting avahi package, versions *

Overview

References

Origin Validation Error
Affecting avahi package, versions *