First published: Sat Mar 27 2021
A flaw was found in avahi 0.8-5. A reachable assertion is present in the avahi_s_host_name_resolver_start function, allowing a local attacker to crash the avahi service by requesting hostname resolutions for invalid hostnames through the avahi socket or dbus methods. The highest threat from this vulnerability is to service availability.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Avahi Avahi | =0.8-5 | |
debian/avahi | 0.8-5+deb11u2, 0.8-10, 0.8-13 | |
The CVE ID of this vulnerability is CVE-2021-3502.
The severity of CVE-2021-3502 is medium, with a CVSSv3 score of 5.5.
The Avahi software version 0.8-5 is affected by CVE-2021-3502.
A local attacker can crash the Avahi service by requesting hostname resolutions through the avahi socket or dbus methods with invalid hostnames.
More information about CVE-2021-3502 is available in the following references:

1. [Red Hat Bugzilla](https://bugzilla.redhat.com/show_bug.cgi?id=1946914)
2. [Avahi GitHub Issue](https://github.com/lathiat/avahi/issues/338)