CVE-2009-0758
avahi - denial of service
EPSS 1.1%
Description
The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.
How to fix CVE-2009-0758
To remediate CVE-2009-0758, upgrade the affected package to a fixed version below.
- Debian/avahi—upgrade to 0.6.24-3 or later
- —upgrade to 0.6.23-3lenny2 or later
Is CVE-2009-0758 being exploited?
Low — EPSS is 1.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.6.24-3
- from 0, < 0.6.23-3lenny2