PT-2009-1085 · Avahi+1 · Avahi-Daemon+1

Steffen Joeris · Published 2009-03-03 · Updated 2024-06-15 · CVE-2009-0758

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

avahi-daemon versions 0.6.23 through 0.6.24-r2
avahi-daemon version 0.6.23

Description

The issue originates in the originates_from_local_legacy_unicast_socket function in avahi-daemon, which does not properly handle the network byte order of a port number when processing incoming multicast packets. This allows remote attackers to cause a denial of service by consuming network bandwidth and CPU resources via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm. The vulnerability can be exploited remotely and may disrupt the availability of protected information.

Recommendations

For avahi-daemon versions 0.6.23 through 0.6.24-r2, update to version 0.6.24-r2 or later to resolve the issue. At the moment, there is no information about additional mitigation measures for this vulnerability.
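
The byte-order mistake named in the description, shown as an added example that is not Avahi's code: a flawed "did this packet come from my own socket" check beside a corrected one. The function names, the 192.0.2.10 address and the ports are constructed for illustration, and the code assumes the source port is handed to the check in host byte order.

```c
/* Added illustration, not Avahi source: all names here are hypothetical. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Build the address a bound UDP socket would report via getsockname():
 * sin_port is always stored in network byte order. */
static struct sockaddr_in local_socket_addr(const char *ip, uint16_t host_port) {
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(host_port);
    inet_pton(AF_INET, ip, &sa.sin_addr);
    return sa;
}

/* Flawed check: src_port is in host order, sin_port in network order,
 * so on little-endian hosts the daemon fails to recognise its own packets. */
static int from_local_socket_flawed(const struct sockaddr_in *local,
                                    const struct in_addr *src, uint16_t src_port) {
    return local->sin_addr.s_addr == src->s_addr && local->sin_port == src_port;
}

/* Corrected check: convert sin_port to host order before comparing. */
static int from_local_socket_fixed(const struct sockaddr_in *local,
                                   const struct in_addr *src, uint16_t src_port) {
    return local->sin_addr.s_addr == src->s_addr &&
           ntohs(local->sin_port) == src_port;
}

int main(void) {
    /* Constructed sample values: documentation address, arbitrary ports.
     * 257 is 0x0101, which reads the same in either byte order. */
    const uint16_t ports[] = { 49153, 257 };
    for (size_t i = 0; i < 2; i++) {
        struct sockaddr_in local = local_socket_addr("192.0.2.10", ports[i]);
        printf("port %u: flawed=%d fixed=%d\n", (unsigned)ports[i],
               from_local_socket_flawed(&local, &local.sin_addr, ports[i]),
               from_local_socket_fixed(&local, &local.sin_addr, ports[i]));
    }
    return 0;
}
```

A regression test for this class of bug should use a port whose two bytes differ and run on a little-endian host; a byte-symmetric port such as 257, or a big-endian machine, hides the defect.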

Fix

DoS

Weakness Enumeration

Related Identifiers

BDU:2015-09386
CVE-2009-0758
DSA-2086-1
OPENSUSE-SU-2024:10363-1
RHSA-2010:0528
RHSA-2010_0528

Affected Products

Red Hat
Avahi-Daemon