CVE-2011-1002
avahi - denial of service
EPSS 57.7%
Description
avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.
How to fix CVE-2011-1002
To remediate CVE-2011-1002, upgrade the affected package to one of the fixed versions listed below.
- Debian/avahi—upgrade to 0.6.28-4 or later
- Debian/avahi—upgrade to 0.6.23-3lenny3 or later
Is CVE-2011-1002 being exploited?
Likely — EPSS is 57.7%, placing CVE-2011-1002 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (2)
- from 0, < 0.6.28-4
- from 0, < 0.6.23-3lenny3