CVE-2006-6870 : The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows re

The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.

Published 2006-12-31 05:00:00

Updated 2025-04-09 00:30:58

Source Canonical Ltd.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2006-6870

Avahi » Avahi » Version: 0.6.7
cpe:2.3:a:avahi:avahi:0.6.7:*:*:*:*:*:*:*
Matching versions
Avahi » Avahi » Version: 0.6.8
cpe:2.3:a:avahi:avahi:0.6.8:*:*:*:*:*:*:*
Matching versions
Avahi » Avahi » Version: 0.6.9
cpe:2.3:a:avahi:avahi:0.6.9:*:*:*:*:*:*:*
Matching versions
Avahi » Avahi » Version: 0.6.10
cpe:2.3:a:avahi:avahi:0.6.10:*:*:*:*:*:*:*
Matching versions
Avahi » Avahi » Version: 0.6.11
cpe:2.3:a:avahi:avahi:0.6.11:*:*:*:*:*:*:*
Matching versions
Avahi » Avahi » Version: 0.6.14
cpe:2.3:a:avahi:avahi:0.6.14:*:*:*:*:*:*:*
Matching versions
Avahi » Avahi » Version: 0.6.15
cpe:2.3:a:avahi:avahi:0.6.15:*:*:*:*:*:*:*
Matching versions
Avahi » Avahi » Version: 0.6.12
cpe:2.3:a:avahi:avahi:0.6.12:*:*:*:*:*:*:*
Matching versions
Avahi » Avahi » Version: 0.6.13
cpe:2.3:a:avahi:avahi:0.6.13:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2006-6870

EPSS FAQ

3.51%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 87 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2006-6870

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

References for CVE-2006-6870

http://www.avahi.org/#December2006

avahi - mDNS/DNS-SD
Patch
http://www.securityfocus.com/bid/21881
http://secunia.com/advisories/23628

About Secunia Research | Flexera
http://secunia.com/advisories/23782

About Secunia Research | Flexera
http://fedoranews.org/cms/node/2362

404 Not Found
http://secunia.com/advisories/23660

About Secunia Research | Flexera
http://www.avahi.org/ticket/84

Page not found · GitHub Pages
Patch
http://secunia.com/advisories/24995

About Secunia Research | Flexera

CVEs referencing this url
http://www.mandriva.com/security/advisories?name=MDKSA-2007:003

Mandriva
http://secunia.com/advisories/23673

About Secunia Research | Flexera
http://www.avahi.org/changeset/1340

Page not found · GitHub Pages
http://fedoranews.org/cms/node/2408

404 Not Found
http://www.novell.com/linux/security/advisories/2007_007_suse.html

404 Page Not Found | SUSE

CVEs referencing this url
http://www.ubuntu.com/usn/usn-402-1

USN-402-1: Avahi vulnerability | Ubuntu security notices | Ubuntu
http://www.vupen.com/english/advisories/2007/0071

Site en construction
http://secunia.com/advisories/23644

About Secunia Research | Flexera

Jump to

Vulnerability Details : CVE-2006-6870

Products affected by CVE-2006-6870

Exploit prediction scoring system (EPSS) score for CVE-2006-6870

CVSS scores for CVE-2006-6870

References for CVE-2006-6870