QwikSec

Security Database

CVE

CWE

Training

CVE-2017-6519

Published: May 1, 2017

Modified: Dec 3, 2025

PUBLISHED

Description

avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/lathiat/avahi/issues/203#issuecomment-449536790

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

https://github.com/lathiat/avahi/issues/203

x_refsource_MISC

https://bugzilla.redhat.com/show_bug.cgi?id=1426712

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

https://www.secfu.net/advisories

x_refsource_MISC

[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.