Vulnerability Details : CVE-2007-3372
The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
Vulnerability category: Denial of service
Products affected by CVE-2007-3372
- cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-3372
4.77%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-3372
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
3.9
|
2.9
|
NIST |
Vendor statements for CVE-2007-3372
-
Red Hat 2009-01-08Not vulnerable. This issue did not affect the versions of avahi as shipped with Red Hat Enterprise Linux 5.
References for CVE-2007-3372
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/35036
Avahi assert() function denial of service CVE-2007-3372 Vulnerability Report
-
http://www.vupen.com/english/advisories/2007/2317
Site en construction
-
http://avahi.org/changeset/1482
Page not found · GitHub Pages
-
http://avahi.org/milestone/Avahi%200.6.20
Page not found · GitHub PagesPatch
-
http://www.securityfocus.com/archive/1/472443/100/0/threaded
-
http://www.ubuntu.com/usn/usn-696-1
USN-696-1: Avahi vulnerabilities | Ubuntu security notices | Ubuntu
-
http://www.debian.org/security/2008/dsa-1690
[SECURITY] [DSA 1690-1] New avahi packages fix denial of service
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:185
Mandriva
-
http://www.securityfocus.com/bid/24614
-
http://www.securitytracker.com/id?1018706
Access Denied
-
http://www.novell.com/linux/security/advisories/2007_14_sr.html
Security - Support | SUSE
Jump to