CVE-2009-0758

EPSS 1.1%

avahi - denial of service

Published: 3/3/2009Modified: 4/28/2026

Also known as:DEBIAN-CVE-2009-0758

Description

The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.

Affected packages (2)

Debian/avahifrom 0, < 0.6.24-3
Debian/avahifrom 0, < 0.6.23-3lenny2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-0758