CVE-2021-3502
Description
A flaw was found in avahi 0.8-5. A reachable assertion is present in avahi_s_host_name_resolver_start function allowing a local attacker to crash the avahi service by requesting hostname resolutions through the avahi socket or dbus methods for invalid hostnames. The highest threat from this vulnerability is to the service availability.
Risk Information
Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.032
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| IPv4LL network address configuration daemon (USN-5008-1) avahi-daemon_0.7-4ubuntu7.1_i386.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) avahi-daemon_0.7-4ubuntu7.1_amd64.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) avahi-daemon_0.8-3ubuntu1.1_i386.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) avahi-daemon_0.8-3ubuntu1.1_amd64.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) avahi-daemon_0.8-5ubuntu3.1_i386.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) avahi-daemon_0.8-5ubuntu3.1_amd64.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) avahi-daemon_0.7-3.1ubuntu1.3_i386.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) avahi-daemon_0.7-3.1ubuntu1.3_amd64.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) libavahi-core7_0.7-4ubuntu7.1_i386.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) libavahi-core7_0.7-4ubuntu7.1_amd64.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) libavahi-core7_0.8-3ubuntu1.1_i386.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) libavahi-core7_0.8-3ubuntu1.1_amd64.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) libavahi-core7_0.8-5ubuntu3.1_i386.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) libavahi-core7_0.8-5ubuntu3.1_amd64.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) libavahi-core7_0.7-3.1ubuntu1.3_i386.deb | Linux |
| IPv4LL network address configuration daemon (USN-5008-1) libavahi-core7_0.7-3.1ubuntu1.3_amd64.deb | Linux |
| Avahi update (ELSA-2023-6707) avahi-0.8-15.el9.i686.rpm | Linux |
| Avahi update (ELSA-2023-6707) avahi-0.8-15.el9.x86_64.rpm | Linux |
| Avahi-glib update (ELSA-2023-6707) avahi-glib-0.8-15.el9.i686.rpm | Linux |
| Avahi-glib update (ELSA-2023-6707) avahi-glib-0.8-15.el9.x86_64.rpm | Linux |
| Avahi-libs update (ELSA-2023-6707) avahi-libs-0.8-15.el9.i686.rpm | Linux |
| Avahi-libs update (ELSA-2023-6707) avahi-libs-0.8-15.el9.x86_64.rpm | Linux |
| Avahi-tools update (ELSA-2023-6707) avahi-tools-0.8-15.el9.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234