
Thomas Kremer

#45738 of 53,635
5.5 Total CVSS
Vulnerabilities · 1
PT-2021-4070
5.5
2021-03-27
Avahi · Avahi · CVE-2021-3502
**Name of the Vulnerable Software and Affected Versions**

avahi version 0.8-5

**Description**

A flaw in the avahi service allows a local attacker to crash the service by requesting hostname resolutions for invalid hostnames through the avahi socket or dbus methods. This is due to a reachable assertion in the `avahi_s_host_name_resolver_start` function. The highest threat from this issue is to service availability. Exploitation of this flaw can lead to a denial of service.

**Recommendations**

For avahi version 0.8-5, as a temporary workaround, consider disabling the `avahi_s_host_name_resolver_start` function until a patch is available. Restrict access to the avahi socket and dbus methods to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.