What is the severity of CVE-2011-1002?

CVE-2011-1002 has a high severity level as it allows remote attackers to cause a denial of service through an infinite loop.

How do I fix CVE-2011-1002?

To fix CVE-2011-1002, upgrade to a version of Avahi that is at least 0.6.29 or higher.

Which versions of Avahi are affected by CVE-2011-1002?

CVE-2011-1002 affects multiple versions of Avahi, including but not limited to 0.6.25, 0.6.5, and 0.6.27.

What type of vulnerability is CVE-2011-1002?

CVE-2011-1002 is a denial of service vulnerability that can be exploited via empty mDNS UDP packets.

What is the impact of exploiting CVE-2011-1002?

Exploiting CVE-2011-1002 can cause the Avahi daemon to enter an infinite loop, effectively disabling its mDNS services.

Vulnerability/
CVE-2011-1002

medium

CWE

835 399

4/1/2011

22/2/2011

6/8/2024

CVE-2011-1002

First published: Tue Jan 04 2011(Updated: )

avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353. NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
redhat/avahi	<0:0.6.16-10.el5_6	0:0.6.16-10.el5_6
redhat/avahi	<0:0.6.25-11.el6	0:0.6.25-11.el6
Avahi AutoIP Daemon	<=0.6.28
Avahi AutoIP Daemon	=0.1
Avahi AutoIP Daemon	=0.2
Avahi AutoIP Daemon	=0.3
Avahi AutoIP Daemon	=0.4
Avahi AutoIP Daemon	=0.5
Avahi AutoIP Daemon	=0.5.1
Avahi AutoIP Daemon	=0.5.2
Avahi AutoIP Daemon	=0.6.1
Avahi AutoIP Daemon	=0.6.2
Avahi AutoIP Daemon	=0.6.3
Avahi AutoIP Daemon	=0.6.4
Avahi AutoIP Daemon	=0.6.5
Avahi AutoIP Daemon	=0.6.6
Avahi AutoIP Daemon	=0.6.7
Avahi AutoIP Daemon	=0.6.8
Avahi AutoIP Daemon	=0.6.9
Avahi AutoIP Daemon	=0.6.10
Avahi AutoIP Daemon	=0.6.11
Avahi AutoIP Daemon	=0.6.12
Avahi AutoIP Daemon	=0.6.13
Avahi AutoIP Daemon	=0.6.14
Avahi AutoIP Daemon	=0.6.15
Avahi AutoIP Daemon	=0.6.16
Avahi AutoIP Daemon	=0.6.17
Avahi AutoIP Daemon	=0.6.18
Avahi AutoIP Daemon	=0.6.19
Avahi AutoIP Daemon	=0.6.20
Avahi AutoIP Daemon	=0.6.21
Avahi AutoIP Daemon	=0.6.22
Avahi AutoIP Daemon	=0.6.23
Avahi AutoIP Daemon	=0.6.24
Avahi AutoIP Daemon	=0.6.25
Avahi AutoIP Daemon	=0.6.26
Avahi AutoIP Daemon	=0.6.27
Avahi Utilities	<=0.6.28
Avahi Utilities	=0.1
Avahi Utilities	=0.2
Avahi Utilities	=0.3
Avahi Utilities	=0.4
Avahi Utilities	=0.5
Avahi Utilities	=0.5.1
Avahi Utilities	=0.5.2
Avahi Utilities	=0.6.1
Avahi Utilities	=0.6.2
Avahi Utilities	=0.6.3
Avahi Utilities	=0.6.4
Avahi Utilities	=0.6.5
Avahi Utilities	=0.6.6
Avahi Utilities	=0.6.7
Avahi Utilities	=0.6.8
Avahi Utilities	=0.6.9
Avahi Utilities	=0.6.10
Avahi Utilities	=0.6.11
Avahi Utilities	=0.6.12
Avahi Utilities	=0.6.13
Avahi Utilities	=0.6.14
Avahi Utilities	=0.6.15
Avahi Utilities	=0.6.16
Avahi Utilities	=0.6.17
Avahi Utilities	=0.6.18
Avahi Utilities	=0.6.19
Avahi Utilities	=0.6.20
Avahi Utilities	=0.6.21
Avahi Utilities	=0.6.22
Avahi Utilities	=0.6.23
Avahi Utilities	=0.6.24
Avahi Utilities	=0.6.25
Avahi Utilities	=0.6.26
Avahi Utilities	=0.6.27
Red Hat Fedora	=15
Red Hat Enterprise Linux	=5.0
Red Hat Enterprise Linux	=6.0
Ubuntu	=8.04
Ubuntu	=9.10
Ubuntu	=10.04
Ubuntu	=10.10
Debian Linux	=5.0
Debian Linux	=6.0
Debian Linux	=7.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is the severity of CVE-2011-1002?
CVE-2011-1002 has a high severity level as it allows remote attackers to cause a denial of service through an infinite loop.
How do I fix CVE-2011-1002?
To fix CVE-2011-1002, upgrade to a version of Avahi that is at least 0.6.29 or higher.
Which versions of Avahi are affected by CVE-2011-1002?
CVE-2011-1002 affects multiple versions of Avahi, including but not limited to 0.6.25, 0.6.5, and 0.6.27.
What type of vulnerability is CVE-2011-1002?
CVE-2011-1002 is a denial of service vulnerability that can be exploited via empty mDNS UDP packets.
What is the impact of exploiting CVE-2011-1002?
Exploiting CVE-2011-1002 can cause the Avahi daemon to enter an infinite loop, effectively disabling its mDNS services.

collector/redhat-cve
agent/type
agent/first-publish-date
agent/weakness
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/references
agent/description
agent/event
agent/trending
agent/source
agent/author
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-historical
agent/softwarecombine
agent/tags
collector/nvd-api
package-manager/redhat
vendor/avahi
canonical/avahi autoip daemon
version/avahi autoip daemon/0.6.28
version/avahi autoip daemon/0.1
version/avahi autoip daemon/0.2
version/avahi autoip daemon/0.3
version/avahi autoip daemon/0.4
version/avahi autoip daemon/0.5
version/avahi autoip daemon/0.5.1
version/avahi autoip daemon/0.5.2
version/avahi autoip daemon/0.6.1
version/avahi autoip daemon/0.6.2
version/avahi autoip daemon/0.6.3
version/avahi autoip daemon/0.6.4
version/avahi autoip daemon/0.6.5
version/avahi autoip daemon/0.6.6
version/avahi autoip daemon/0.6.7
version/avahi autoip daemon/0.6.8
version/avahi autoip daemon/0.6.9
version/avahi autoip daemon/0.6.10
version/avahi autoip daemon/0.6.11
version/avahi autoip daemon/0.6.12
version/avahi autoip daemon/0.6.13
version/avahi autoip daemon/0.6.14
version/avahi autoip daemon/0.6.15
version/avahi autoip daemon/0.6.16
version/avahi autoip daemon/0.6.17
version/avahi autoip daemon/0.6.18
version/avahi autoip daemon/0.6.19
version/avahi autoip daemon/0.6.20
version/avahi autoip daemon/0.6.21
version/avahi autoip daemon/0.6.22
version/avahi autoip daemon/0.6.23
version/avahi autoip daemon/0.6.24
version/avahi autoip daemon/0.6.25
version/avahi autoip daemon/0.6.26
version/avahi autoip daemon/0.6.27
canonical/avahi utilities
version/avahi utilities/0.6.28
version/avahi utilities/0.1
version/avahi utilities/0.2
version/avahi utilities/0.3
version/avahi utilities/0.4
version/avahi utilities/0.5
version/avahi utilities/0.5.1
version/avahi utilities/0.5.2
version/avahi utilities/0.6.1
version/avahi utilities/0.6.2
version/avahi utilities/0.6.3
version/avahi utilities/0.6.4
version/avahi utilities/0.6.5
version/avahi utilities/0.6.6
version/avahi utilities/0.6.7
version/avahi utilities/0.6.8
version/avahi utilities/0.6.9
version/avahi utilities/0.6.10
version/avahi utilities/0.6.11
version/avahi utilities/0.6.12
version/avahi utilities/0.6.13
version/avahi utilities/0.6.14
version/avahi utilities/0.6.15
version/avahi utilities/0.6.16
version/avahi utilities/0.6.17
version/avahi utilities/0.6.18
version/avahi utilities/0.6.19
version/avahi utilities/0.6.20
version/avahi utilities/0.6.21
version/avahi utilities/0.6.22
version/avahi utilities/0.6.23
version/avahi utilities/0.6.24
version/avahi utilities/0.6.25
version/avahi utilities/0.6.26
version/avahi utilities/0.6.27
vendor/fedoraproject
canonical/red hat fedora
version/red hat fedora/15
vendor/redhat
canonical/red hat enterprise linux
version/red hat enterprise linux/5.0
version/red hat enterprise linux/6.0
vendor/canonical
canonical/ubuntu
version/ubuntu/8.04
version/ubuntu/9.10
version/ubuntu/10.04
version/ubuntu/10.10
vendor/debian
canonical/debian linux
version/debian linux/5.0
version/debian linux/6.0
version/debian linux/7.0