CVE-2017-6519

avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive  information from the responding device via port-5353 UDP packets.  NOTE: this may overlap CVE-2015-2809.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
avahiavahi
𝑥
≤ 0.6.32
avahiavahi
0.7
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
avahi
bookworm
0.8-10
fixed
bullseye
0.8-5+deb11u2
fixed
sid
0.8-13
fixed
trixie
0.8-13
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
avahi
artful
ignored
bionic
Fixed 0.7-3.1ubuntu1.2
released
cosmic
Fixed 0.7-4ubuntu2.1
released
precise
ignored
trusty
Fixed 0.6.31-4ubuntu1.3
released
xenial
Fixed 0.6.32~rc+dfsg-1ubuntu2.3
released
yakkety
ignored
zesty
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
avahi
suse enterprise desktop 15 SP4
0.8-150400.5.73
fixed
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP4
0.8-150400.5.73
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP4
0.8-150400.5.73
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
avahi-autoipd
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
avahi-compat-howl-devel
suse enterprise desktop 15 SP4
0.8-150400.5.73
fixed
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP4
0.8-150400.5.73
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP4
0.8-150400.5.73
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
avahi-compat-mDNSResponder-devel
suse enterprise desktop 15 SP4
0.8-150400.5.73
fixed
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP4
0.8-150400.5.73
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP4
0.8-150400.5.73
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
avahi-lang
suse enterprise desktop 15 SP4
0.8-150400.5.73
fixed
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP4
0.8-150400.5.73
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP4
0.8-150400.5.73
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
avahi-utils
suse enterprise desktop 15 SP4
0.8-150400.5.73
fixed
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP4
0.8-150400.5.73
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP4
0.8-150400.5.73
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
avahi-utils-gtk
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
libavahi-client3
suse enterprise desktop 15 SP4
0.8-150400.5.73
fixed
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP4
0.8-150400.5.73
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP4
0.8-150400.5.73
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
libavahi-client3-32bit
suse enterprise desktop 15 SP4
0.8-150400.5.73
fixed
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP4
0.8-150400.5.73
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP4
0.8-150400.5.73
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
libavahi-common3
suse enterprise desktop 15 SP4
0.8-150400.5.73
fixed
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP4
0.8-150400.5.73
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP4
0.8-150400.5.73
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
libavahi-common3-32bit
suse enterprise desktop 15 SP4
0.8-150400.5.73
fixed
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP4
0.8-150400.5.73
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP4
0.8-150400.5.73
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
libavahi-core7
suse enterprise desktop 15 SP4
0.8-150400.5.73
fixed
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP4
0.8-150400.5.73
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP4
0.8-150400.5.73
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
libavahi-devel
suse enterprise desktop 15 SP4
0.8-150400.5.73
fixed
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP4
0.8-150400.5.73
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP4
0.8-150400.5.73
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
libavahi-glib-devel
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
libavahi-glib1
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
libavahi-gobject-devel
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
libavahi-gobject0
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
libavahi-libevent1
suse enterprise desktop 15 SP4
0.8-150400.5.73
fixed
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP4
0.8-150400.5.73
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP4
0.8-150400.5.73
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
libavahi-ui-gtk3-0
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
libdns_sd
suse enterprise desktop 15 SP4
0.8-150400.5.73
fixed
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP4
0.8-150400.5.73
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP4
0.8-150400.5.73
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
libhowl0
suse enterprise desktop 15 SP4
0.8-150400.5.73
fixed
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP4
0.8-150400.5.73
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP4
0.8-150400.5.73
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
typelib-1_0-Avahi-0_6
suse enterprise desktop 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise desktop 15 SP6
0.8-150600.13.4
fixed
suse enterprise desktop 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise sap 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise sap 15 SP6
0.8-150600.13.4
fixed
suse enterprise sap 15 SP7
0.8-150600.15.6.1
fixed
suse enterprise server 15 SP5
0.8-150400.7.3.1
fixed
suse enterprise server 15 SP6
0.8-150600.13.4
fixed
suse enterprise server 15 SP7
0.8-150600.15.6.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
avahi
RHEL 7
0:0.6.31-20.el7
fixed
avahi-autoipd
RHEL 7
0:0.6.31-20.el7
fixed
avahi-compat-howl
RHEL 7
0:0.6.31-20.el7
fixed
avahi-compat-howl-devel
RHEL 7
0:0.6.31-20.el7
fixed
avahi-compat-libdns
RHEL 7
0:0.6.31-20.el7
fixed
avahi-devel
RHEL 7
0:0.6.31-20.el7
fixed
avahi-dnsconfd
RHEL 7
0:0.6.31-20.el7
fixed
avahi-glib
RHEL 7
0:0.6.31-20.el7
fixed
avahi-glib-devel
RHEL 7
0:0.6.31-20.el7
fixed
avahi-gobject
RHEL 7
0:0.6.31-20.el7
fixed
avahi-gobject-devel
RHEL 7
0:0.6.31-20.el7
fixed
avahi-libs
RHEL 7
0:0.6.31-20.el7
fixed
avahi-qt3
RHEL 7
0:0.6.31-20.el7
fixed
avahi-qt3-devel
RHEL 7
0:0.6.31-20.el7
fixed
avahi-qt4
RHEL 7
0:0.6.31-20.el7
fixed
avahi-qt4-devel
RHEL 7
0:0.6.31-20.el7
fixed
avahi-tools
RHEL 7
0:0.6.31-20.el7
fixed
avahi-ui
RHEL 7
0:0.6.31-20.el7
fixed
avahi-ui-devel
RHEL 7
0:0.6.31-20.el7
fixed
avahi-ui-gtk3
RHEL 7
0:0.6.31-20.el7
fixed
avahi-ui-tools
RHEL 7
0:0.6.31-20.el7
fixed
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1426712
https://github.com/lathiat/avahi/issues/203
https://github.com/lathiat/avahi/issues/203#issuecomment-449536790
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
https://usn.ubuntu.com/3876-1/
https://usn.ubuntu.com/3876-2/
https://www.secfu.net/advisories
https://bugzilla.redhat.com/show_bug.cgi?id=1426712
https://github.com/lathiat/avahi/issues/203
https://github.com/lathiat/avahi/issues/203#issuecomment-449536790
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
https://usn.ubuntu.com/3876-1/
https://usn.ubuntu.com/3876-2/
https://www.secfu.net/advisories