Evverx

**Name of the Vulnerable Software and Affected Versions** Avahi versions 0.9rc2 and below **Description** Avahi, a system for service discovery on a local network using mDNS/DNS-SD, is susceptible to a denial-of-service condition. Sending a crafted mDNS response with a recursive CNAME record, where the alias and canonical name are identical (e.g., "h.local" as a CNAME for "h.local"), can cause `avahi-daemon` to crash due to a segmentation fault. This occurs because of unbounded recursion within the `lookup handle cname` function, leading to stack exhaustion. The issue specifically impacts record browsers where `AVAHI LOOKUP USE MULTICAST` is explicitly enabled, including those used by `nss-mdns`. **Recommendations** Versions prior to 0.9rc2 should be updated to a version with the fix included in commit 78eab31128479f06e30beb8c1cbf99dd921e2524.

**Name of the Vulnerable Software and Affected Versions** systemd versions 250 through 251 **Description** The issue allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in the `parse elf object` function in `shared/elf-util.c`. The exploitation methodology involves crashing a binary calling the same function recursively and placing it in a deeply nested directory to make its backtrace large enough to cause the deadlock. This must be done 16 times when `MaxConnections=16` is set for the `systemd/units/systemd-coredump.socket` file. **Recommendations** For versions 250 and 251, as a temporary workaround, consider restricting access to the `systemd-coredump.socket` file to minimize the risk of exploitation. Additionally, avoid setting `MaxConnections` to a high value for this socket file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** avahi (affected versions not specified) **Description** A flaw in the avahi library allows an unprivileged user to make a dbus call, causing the avahi daemon to crash. This issue is related to an uncontrolled resource consumption, which can be exploited to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.