CVE-2011-1002

2011-02-2200:00:00

ubuntu.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.075 Low

EPSS

Percentile

94.0%

JSON

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote
attackers to cause a denial of service (infinite loop) via an empty mDNS
(1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability
exists because of an incorrect fix for CVE-2010-2244.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchavahi< 0.6.22-2ubuntu4.3UNKNOWN
ubuntu9.10noarchavahi< 0.6.25-1ubuntu5.3UNKNOWN
ubuntu10.04noarchavahi< 0.6.25-1ubuntu6.2UNKNOWN
ubuntu10.10noarchavahi< 0.6.27-2ubuntu3.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	8.04	noarch	avahi	< 0.6.22-2ubuntu4.3	UNKNOWN
ubuntu	9.10	noarch	avahi	< 0.6.25-1ubuntu5.3	UNKNOWN
ubuntu	10.04	noarch	avahi	< 0.6.25-1ubuntu6.2	UNKNOWN
ubuntu	10.10	noarch	avahi	< 0.6.27-2ubuntu3.1	UNKNOWN