ALPINE-CVE-2017-6519 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2017-6519 PUBLISHED CVSS 9.100000381469727 CRITICAL

avahi-daemon in Avahi through 0.6.32 and 0.7 inadvertently responds to IPv6 unicast queries with source addresses that are not on-link, which allows remote attackers to cause a denial of service (traffic amplification) and may cause information leakage by obtaining potentially sensitive information from the responding device via port-5353 UDP packets. NOTE: this may overlap CVE-2015-2809.

Risk Scores

CVSS v3.0

9.100000381469727

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.14	avahi	0.6.28-r0, 0.7-r1, 0.7-r0
Alpine:v3.10	avahi	0, 0.6.28-r1, 0.6.28-r2
Alpine:v3.20	avahi	0, 0, 0.6.28-r0
Alpine:v3.9	avahi	0.7-r1, 0.7-r0, 0.6.32-r4
Alpine:v3.15	avahi	0.6.31-r8, 0, 0.6.28-r0
Alpine:v3.8	avahi	0.7-r1, 0, 0.6.28-r0
Alpine:v3.19	avahi	0.7-r0, 0.7-r0, 0.6.32-r4
Alpine:v3.13	avahi	0.6.30-r1, 0.7-r0, 0.6.32-r4
Alpine:v3.12	avahi	0.6.28-r0, 0.7-r1, 0.7-r0
Alpine:v3.18	avahi	0.6.30-r0, 0, 0.6.28-r0
Alpine:v3.23	avahi	0.6.28-r1, 0.6.29-r0, 0.6.30-r0
Alpine:v3.16	avahi	0.6.28-r1, 0.7-r1, 0.7-r0
Alpine:v3.17	avahi	0, 0.6.28-r0, 0.6.28-r1
Alpine:v3.7	avahi	0.6.31-r7, 0.6.28-r0, 0
Alpine:v3.11	avahi	0.7-r1, 0.7-r0, 0.6.32-r4
Alpine:v3.22	avahi	0.6.31-r1, 0.6.30-r3, 0.6.30-r2
Alpine:v3.21	avahi	0.7-r1, 0.6.28-r1, 0

Timeline

May 1, 2017 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2017-6519 advisory

Open in Interactive Console →