CVE-2006-6870

2007-01-0500:00:00

canonical

web.nvd.nist.gov

cve

2006

6870

avahi

denial of service

dns

remote attackers

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

6.1

Confidence

Low

EPSS

0.12

Percentile

95.4%

JSON

The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.

Affected configurations

Nvd

Node

avahiavahiMatch0.6.7

avahiavahiMatch0.6.8

avahiavahiMatch0.6.9

avahiavahiMatch0.6.10

avahiavahiMatch0.6.11

avahiavahiMatch0.6.12

avahiavahiMatch0.6.13

avahiavahiMatch0.6.14

avahiavahiMatch0.6.15

VendorProductVersionCPE
avahiavahi0.6.7cpe:2.3:a:avahi:avahi:0.6.7:*:*:*:*:*:*:*
avahiavahi0.6.8cpe:2.3:a:avahi:avahi:0.6.8:*:*:*:*:*:*:*
avahiavahi0.6.9cpe:2.3:a:avahi:avahi:0.6.9:*:*:*:*:*:*:*
avahiavahi0.6.10cpe:2.3:a:avahi:avahi:0.6.10:*:*:*:*:*:*:*
avahiavahi0.6.11cpe:2.3:a:avahi:avahi:0.6.11:*:*:*:*:*:*:*
avahiavahi0.6.12cpe:2.3:a:avahi:avahi:0.6.12:*:*:*:*:*:*:*
avahiavahi0.6.13cpe:2.3:a:avahi:avahi:0.6.13:*:*:*:*:*:*:*
avahiavahi0.6.14cpe:2.3:a:avahi:avahi:0.6.14:*:*:*:*:*:*:*
avahiavahi0.6.15cpe:2.3:a:avahi:avahi:0.6.15:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
avahi	avahi	0.6.7	cpe:2.3:a:avahi:avahi:0.6.7:::::::*
avahi	avahi	0.6.8	cpe:2.3:a:avahi:avahi:0.6.8:::::::*
avahi	avahi	0.6.9	cpe:2.3:a:avahi:avahi:0.6.9:::::::*
avahi	avahi	0.6.10	cpe:2.3:a:avahi:avahi:0.6.10:::::::*
avahi	avahi	0.6.11	cpe:2.3:a:avahi:avahi:0.6.11:::::::*
avahi	avahi	0.6.12	cpe:2.3:a:avahi:avahi:0.6.12:::::::*
avahi	avahi	0.6.13	cpe:2.3:a:avahi:avahi:0.6.13:::::::*
avahi	avahi	0.6.14	cpe:2.3:a:avahi:avahi:0.6.14:::::::*
avahi	avahi	0.6.15	cpe:2.3:a:avahi:avahi:0.6.15:::::::*