{"id":"DEBIAN-CVE-2011-1002","details":"avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows remote attackers to cause a denial of service (infinite loop) via an empty mDNS (1) IPv4 or (2) IPv6 UDP packet to port 5353.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2010-2244.","modified":"2026-04-28T20:06:25.452368Z","published":"2011-02-22T19:00:02.503Z","upstream":["CVE-2011-1002"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2011-1002"}],"affected":[{"package":{"name":"avahi","ecosystem":"Debian:11","purl":"pkg:deb/debian/avahi?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.28-4"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-1002.json"}},{"package":{"name":"avahi","ecosystem":"Debian:12","purl":"pkg:deb/debian/avahi?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.28-4"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-1002.json"}},{"package":{"name":"avahi","ecosystem":"Debian:13","purl":"pkg:deb/debian/avahi?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.28-4"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-1002.json"}},{"package":{"name":"avahi","ecosystem":"Debian:14","purl":"pkg:deb/debian/avahi?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.6.28-4"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2011-1002.json"}}],"schema_version":"1.7.5"}