CVE-2010-2244

Description

The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in Avahi 0.6.16 and 0.6.25 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNS packet with an invalid checksum followed by a DNS packet with a valid checksum, a different vulnerability than CVE-2008-5081.

How to fix CVE-2010-2244

To remediate CVE-2010-2244, upgrade the affected package to a fixed version below.

• Debian/avahi—upgrade to 0.6.26-1 or later

Is CVE-2010-2244 being exploited?

Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.6.26-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2010-2244